1 /* src/prism2/driver/hfa384x_usb.c
2 *
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
4 *
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
19 *
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 *
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
49 *
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
56 *
57 * Common sequences:
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
62 *
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
69 *
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
81 *
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
86 *
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
90 *
91 * hfa384x_dl_xxx download related functions.
92 *
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
101 * create()
102 * start()
103 * .
104 * . Do interesting things w/ the hardware
105 * .
106 * stop()
107 * destroy()
108 *
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
111 */
112
113 /*================================================================*/
114 /* System Includes */
115 #define WLAN_DBVAR prism2_debug
116
117 #include <linux/version.h>
118
119 #include <linux/module.h>
120 #include <linux/kernel.h>
121 #include <linux/sched.h>
122 #include <linux/types.h>
123 #include <linux/slab.h>
124 #include <linux/wireless.h>
125 #include <linux/netdevice.h>
126 #include <linux/timer.h>
127 #include <asm/io.h>
128 #include <linux/delay.h>
129 #include <asm/byteorder.h>
130 #include <asm/bitops.h>
131 #include <linux/list.h>
132 #include <linux/usb.h>
133
134 #include "wlan_compat.h"
135
136 #define SUBMIT_URB(u,f) usb_submit_urb(u,f)
137
138 /*================================================================*/
139 /* Project Includes */
140
141 #include "p80211types.h"
142 #include "p80211hdr.h"
143 #include "p80211mgmt.h"
144 #include "p80211conv.h"
145 #include "p80211msg.h"
146 #include "p80211netdev.h"
147 #include "p80211req.h"
148 #include "p80211metadef.h"
149 #include "p80211metastruct.h"
150 #include "hfa384x.h"
151 #include "prism2mgmt.h"
152
153 /*================================================================*/
154 /* Local Constants */
155
156 enum cmd_mode
157 {
158 DOWAIT = 0,
159 DOASYNC
160 };
161 typedef enum cmd_mode CMD_MODE;
162
163 #define THROTTLE_JIFFIES (HZ/8)
164
165 /*================================================================*/
166 /* Local Macros */
167
168 #define ROUNDUP64(a) (((a)+63)&~63)
169
170 /*================================================================*/
171 /* Local Types */
172
173 /*================================================================*/
174 /* Local Static Definitions */
175 extern int prism2_debug;
176
177 /*================================================================*/
178 /* Local Function Declarations */
179
180 #ifdef DEBUG_USB
181 static void
182 dbprint_urb(struct urb* urb);
183 #endif
184
185 static void
186 hfa384x_int_rxmonitor(
187 wlandevice_t *wlandev,
188 hfa384x_usb_rxfrm_t *rxfrm);
189
190 static void
191 hfa384x_usb_defer(struct work_struct *data);
192
193 static int
194 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
195
196 static int
197 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
198
199 /*---------------------------------------------------*/
200 /* Callbacks */
201 static void
202 hfa384x_usbout_callback(struct urb *urb);
203 static void
204 hfa384x_ctlxout_callback(struct urb *urb);
205 static void
206 hfa384x_usbin_callback(struct urb *urb);
207
208 static void
209 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
210
211 static void
212 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
213
214 static void
215 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
216
217 static void
218 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
219
220 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
221 int urb_status);
222
223 /*---------------------------------------------------*/
224 /* Functions to support the prism2 usb command queue */
225
226 static void
227 hfa384x_usbctlxq_run(hfa384x_t *hw);
228
229 static void
230 hfa384x_usbctlx_reqtimerfn(unsigned long data);
231
232 static void
233 hfa384x_usbctlx_resptimerfn(unsigned long data);
234
235 static void
236 hfa384x_usb_throttlefn(unsigned long data);
237
238 static void
239 hfa384x_usbctlx_completion_task(unsigned long data);
240
241 static void
242 hfa384x_usbctlx_reaper_task(unsigned long data);
243
244 static int
245 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
246
247 static void
248 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
249
250 struct usbctlx_completor
251 {
252 int (*complete)(struct usbctlx_completor*);
253 };
254 typedef struct usbctlx_completor usbctlx_completor_t;
255
256 static int
257 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
258 hfa384x_usbctlx_t *ctlx,
259 usbctlx_completor_t *completor);
260
261 static int
262 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
263
264 static void
265 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
266
267 static void
268 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
269
270 static int
271 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
272 hfa384x_cmdresult_t *result);
273
274 static void
275 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
276 hfa384x_rridresult_t *result);
277
278 /*---------------------------------------------------*/
279 /* Low level req/resp CTLX formatters and submitters */
280 static int
281 hfa384x_docmd(
282 hfa384x_t *hw,
283 CMD_MODE mode,
284 hfa384x_metacmd_t *cmd,
285 ctlx_cmdcb_t cmdcb,
286 ctlx_usercb_t usercb,
287 void *usercb_data);
288
289 static int
290 hfa384x_dorrid(
291 hfa384x_t *hw,
292 CMD_MODE mode,
293 u16 rid,
294 void *riddata,
295 unsigned int riddatalen,
296 ctlx_cmdcb_t cmdcb,
297 ctlx_usercb_t usercb,
298 void *usercb_data);
299
300 static int
301 hfa384x_dowrid(
302 hfa384x_t *hw,
303 CMD_MODE mode,
304 u16 rid,
305 void *riddata,
306 unsigned int riddatalen,
307 ctlx_cmdcb_t cmdcb,
308 ctlx_usercb_t usercb,
309 void *usercb_data);
310
311 static int
312 hfa384x_dormem(
313 hfa384x_t *hw,
314 CMD_MODE mode,
315 u16 page,
316 u16 offset,
317 void *data,
318 unsigned int len,
319 ctlx_cmdcb_t cmdcb,
320 ctlx_usercb_t usercb,
321 void *usercb_data);
322
323 static int
324 hfa384x_dowmem(
325 hfa384x_t *hw,
326 CMD_MODE mode,
327 u16 page,
328 u16 offset,
329 void *data,
330 unsigned int len,
331 ctlx_cmdcb_t cmdcb,
332 ctlx_usercb_t usercb,
333 void *usercb_data);
334
335 static int
336 hfa384x_isgood_pdrcode(u16 pdrcode);
337
338 /*================================================================*/
339 /* Function Definitions */
ctlxstr(CTLX_STATE s)340 static inline const char* ctlxstr(CTLX_STATE s)
341 {
342 static const char* ctlx_str[] = {
343 "Initial state",
344 "Complete",
345 "Request failed",
346 "Request pending",
347 "Request packet submitted",
348 "Request packet completed",
349 "Response packet completed"
350 };
351
352 return ctlx_str[s];
353 };
354
355
356 static inline hfa384x_usbctlx_t*
get_active_ctlx(hfa384x_t * hw)357 get_active_ctlx(hfa384x_t *hw)
358 {
359 return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
360 }
361
362
363 #ifdef DEBUG_USB
364 void
dbprint_urb(struct urb * urb)365 dbprint_urb(struct urb* urb)
366 {
367 WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
368 WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
369 WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
370 WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (unsigned int)urb->transfer_buffer);
371 WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
372 WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
373 WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
374 WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (unsigned int)urb->setup_packet);
375 WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
376 WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
377 WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
378 WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
379 WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (unsigned int)urb->context);
380 WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (unsigned int)urb->complete);
381 }
382 #endif
383
384
385 /*----------------------------------------------------------------
386 * submit_rx_urb
387 *
388 * Listen for input data on the BULK-IN pipe. If the pipe has
389 * stalled then schedule it to be reset.
390 *
391 * Arguments:
392 * hw device struct
393 * memflags memory allocation flags
394 *
395 * Returns:
396 * error code from submission
397 *
398 * Call context:
399 * Any
400 ----------------------------------------------------------------*/
401 static int
submit_rx_urb(hfa384x_t * hw,gfp_t memflags)402 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
403 {
404 struct sk_buff *skb;
405 int result;
406
407 DBFENTER;
408
409 skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
410 if (skb == NULL) {
411 result = -ENOMEM;
412 goto done;
413 }
414
415 /* Post the IN urb */
416 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
417 hw->endp_in,
418 skb->data, sizeof(hfa384x_usbin_t),
419 hfa384x_usbin_callback, hw->wlandev);
420
421 hw->rx_urb_skb = skb;
422
423 result = -ENOLINK;
424 if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
425 result = SUBMIT_URB(&hw->rx_urb, memflags);
426
427 /* Check whether we need to reset the RX pipe */
428 if (result == -EPIPE) {
429 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
430 hw->wlandev->netdev->name);
431 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
432 schedule_work(&hw->usb_work);
433 }
434 }
435
436 /* Don't leak memory if anything should go wrong */
437 if (result != 0) {
438 dev_kfree_skb(skb);
439 hw->rx_urb_skb = NULL;
440 }
441
442 done:
443
444 DBFEXIT;
445 return result;
446 }
447
448 /*----------------------------------------------------------------
449 * submit_tx_urb
450 *
451 * Prepares and submits the URB of transmitted data. If the
452 * submission fails then it will schedule the output pipe to
453 * be reset.
454 *
455 * Arguments:
456 * hw device struct
457 * tx_urb URB of data for tranmission
458 * memflags memory allocation flags
459 *
460 * Returns:
461 * error code from submission
462 *
463 * Call context:
464 * Any
465 ----------------------------------------------------------------*/
466 static int
submit_tx_urb(hfa384x_t * hw,struct urb * tx_urb,gfp_t memflags)467 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
468 {
469 struct net_device *netdev = hw->wlandev->netdev;
470 int result;
471
472 DBFENTER;
473
474 result = -ENOLINK;
475 if ( netif_running(netdev) ) {
476
477 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
478 result = SUBMIT_URB(tx_urb, memflags);
479
480 /* Test whether we need to reset the TX pipe */
481 if (result == -EPIPE) {
482 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
483 netdev->name);
484 set_bit(WORK_TX_HALT, &hw->usb_flags);
485 schedule_work(&hw->usb_work);
486 } else if (result == 0) {
487 netif_stop_queue(netdev);
488 }
489 }
490 }
491
492 DBFEXIT;
493
494 return result;
495 }
496
497 /*----------------------------------------------------------------
498 * hfa394x_usb_defer
499 *
500 * There are some things that the USB stack cannot do while
501 * in interrupt context, so we arrange this function to run
502 * in process context.
503 *
504 * Arguments:
505 * hw device structure
506 *
507 * Returns:
508 * nothing
509 *
510 * Call context:
511 * process (by design)
512 ----------------------------------------------------------------*/
513 static void
hfa384x_usb_defer(struct work_struct * data)514 hfa384x_usb_defer(struct work_struct *data)
515 {
516 hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
517 struct net_device *netdev = hw->wlandev->netdev;
518
519 DBFENTER;
520
521 /* Don't bother trying to reset anything if the plug
522 * has been pulled ...
523 */
524 if ( hw->wlandev->hwremoved ) {
525 DBFEXIT;
526 return;
527 }
528
529 /* Reception has stopped: try to reset the input pipe */
530 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
531 int ret;
532
533 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
534
535 ret = usb_clear_halt(hw->usb, hw->endp_in);
536 if (ret != 0) {
537 printk(KERN_ERR
538 "Failed to clear rx pipe for %s: err=%d\n",
539 netdev->name, ret);
540 } else {
541 printk(KERN_INFO "%s rx pipe reset complete.\n",
542 netdev->name);
543 clear_bit(WORK_RX_HALT, &hw->usb_flags);
544 set_bit(WORK_RX_RESUME, &hw->usb_flags);
545 }
546 }
547
548 /* Resume receiving data back from the device. */
549 if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
550 int ret;
551
552 ret = submit_rx_urb(hw, GFP_KERNEL);
553 if (ret != 0) {
554 printk(KERN_ERR
555 "Failed to resume %s rx pipe.\n", netdev->name);
556 } else {
557 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
558 }
559 }
560
561 /* Transmission has stopped: try to reset the output pipe */
562 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
563 int ret;
564
565 usb_kill_urb(&hw->tx_urb);
566 ret = usb_clear_halt(hw->usb, hw->endp_out);
567 if (ret != 0) {
568 printk(KERN_ERR
569 "Failed to clear tx pipe for %s: err=%d\n",
570 netdev->name, ret);
571 } else {
572 printk(KERN_INFO "%s tx pipe reset complete.\n",
573 netdev->name);
574 clear_bit(WORK_TX_HALT, &hw->usb_flags);
575 set_bit(WORK_TX_RESUME, &hw->usb_flags);
576
577 /* Stopping the BULK-OUT pipe also blocked
578 * us from sending any more CTLX URBs, so
579 * we need to re-run our queue ...
580 */
581 hfa384x_usbctlxq_run(hw);
582 }
583 }
584
585 /* Resume transmitting. */
586 if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
587 netif_wake_queue(hw->wlandev->netdev);
588 }
589
590 DBFEXIT;
591 }
592
593
594 /*----------------------------------------------------------------
595 * hfa384x_create
596 *
597 * Sets up the hfa384x_t data structure for use. Note this
598 * does _not_ intialize the actual hardware, just the data structures
599 * we use to keep track of its state.
600 *
601 * Arguments:
602 * hw device structure
603 * irq device irq number
604 * iobase i/o base address for register access
605 * membase memory base address for register access
606 *
607 * Returns:
608 * nothing
609 *
610 * Side effects:
611 *
612 * Call context:
613 * process
614 ----------------------------------------------------------------*/
615 void
hfa384x_create(hfa384x_t * hw,struct usb_device * usb)616 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
617 {
618 DBFENTER;
619
620 memset(hw, 0, sizeof(hfa384x_t));
621 hw->usb = usb;
622
623 /* set up the endpoints */
624 hw->endp_in = usb_rcvbulkpipe(usb, 1);
625 hw->endp_out = usb_sndbulkpipe(usb, 2);
626
627 /* Set up the waitq */
628 init_waitqueue_head(&hw->cmdq);
629
630 /* Initialize the command queue */
631 spin_lock_init(&hw->ctlxq.lock);
632 INIT_LIST_HEAD(&hw->ctlxq.pending);
633 INIT_LIST_HEAD(&hw->ctlxq.active);
634 INIT_LIST_HEAD(&hw->ctlxq.completing);
635 INIT_LIST_HEAD(&hw->ctlxq.reapable);
636
637 /* Initialize the authentication queue */
638 skb_queue_head_init(&hw->authq);
639
640 tasklet_init(&hw->reaper_bh,
641 hfa384x_usbctlx_reaper_task,
642 (unsigned long)hw);
643 tasklet_init(&hw->completion_bh,
644 hfa384x_usbctlx_completion_task,
645 (unsigned long)hw);
646 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
647 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
648
649 init_timer(&hw->throttle);
650 hw->throttle.function = hfa384x_usb_throttlefn;
651 hw->throttle.data = (unsigned long)hw;
652
653 init_timer(&hw->resptimer);
654 hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
655 hw->resptimer.data = (unsigned long)hw;
656
657 init_timer(&hw->reqtimer);
658 hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
659 hw->reqtimer.data = (unsigned long)hw;
660
661 usb_init_urb(&hw->rx_urb);
662 usb_init_urb(&hw->tx_urb);
663 usb_init_urb(&hw->ctlx_urb);
664
665 hw->link_status = HFA384x_LINK_NOTCONNECTED;
666 hw->state = HFA384x_STATE_INIT;
667
668 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
669 init_timer(&hw->commsqual_timer);
670 hw->commsqual_timer.data = (unsigned long) hw;
671 hw->commsqual_timer.function = prism2sta_commsqual_timer;
672
673 DBFEXIT;
674 }
675
676
677 /*----------------------------------------------------------------
678 * hfa384x_destroy
679 *
680 * Partner to hfa384x_create(). This function cleans up the hw
681 * structure so that it can be freed by the caller using a simple
682 * kfree. Currently, this function is just a placeholder. If, at some
683 * point in the future, an hw in the 'shutdown' state requires a 'deep'
684 * kfree, this is where it should be done. Note that if this function
685 * is called on a _running_ hw structure, the drvr_stop() function is
686 * called.
687 *
688 * Arguments:
689 * hw device structure
690 *
691 * Returns:
692 * nothing, this function is not allowed to fail.
693 *
694 * Side effects:
695 *
696 * Call context:
697 * process
698 ----------------------------------------------------------------*/
699 void
hfa384x_destroy(hfa384x_t * hw)700 hfa384x_destroy( hfa384x_t *hw)
701 {
702 struct sk_buff *skb;
703
704 DBFENTER;
705
706 if ( hw->state == HFA384x_STATE_RUNNING ) {
707 hfa384x_drvr_stop(hw);
708 }
709 hw->state = HFA384x_STATE_PREINIT;
710
711 if (hw->scanresults) {
712 kfree(hw->scanresults);
713 hw->scanresults = NULL;
714 }
715
716 /* Now to clean out the auth queue */
717 while ( (skb = skb_dequeue(&hw->authq)) ) {
718 dev_kfree_skb(skb);
719 }
720
721 DBFEXIT;
722 }
723
724
725 /*----------------------------------------------------------------
726 */
usbctlx_alloc(void)727 static hfa384x_usbctlx_t* usbctlx_alloc(void)
728 {
729 hfa384x_usbctlx_t *ctlx;
730
731 ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
732 if (ctlx != NULL)
733 {
734 memset(ctlx, 0, sizeof(*ctlx));
735 init_completion(&ctlx->done);
736 }
737
738 return ctlx;
739 }
740
741
742 /*----------------------------------------------------------------
743 *
744 ----------------------------------------------------------------*/
745 static int
usbctlx_get_status(const hfa384x_usb_cmdresp_t * cmdresp,hfa384x_cmdresult_t * result)746 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
747 hfa384x_cmdresult_t *result)
748 {
749 DBFENTER;
750
751 result->status = hfa384x2host_16(cmdresp->status);
752 result->resp0 = hfa384x2host_16(cmdresp->resp0);
753 result->resp1 = hfa384x2host_16(cmdresp->resp1);
754 result->resp2 = hfa384x2host_16(cmdresp->resp2);
755
756 WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
757 "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
758 result->status,
759 result->resp0,
760 result->resp1,
761 result->resp2);
762
763 DBFEXIT;
764 return (result->status & HFA384x_STATUS_RESULT);
765 }
766
767 static void
usbctlx_get_rridresult(const hfa384x_usb_rridresp_t * rridresp,hfa384x_rridresult_t * result)768 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
769 hfa384x_rridresult_t *result)
770 {
771 DBFENTER;
772
773 result->rid = hfa384x2host_16(rridresp->rid);
774 result->riddata = rridresp->data;
775 result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
776
777 DBFEXIT;
778 }
779
780
781 /*----------------------------------------------------------------
782 * Completor object:
783 * This completor must be passed to hfa384x_usbctlx_complete_sync()
784 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
785 ----------------------------------------------------------------*/
786 struct usbctlx_cmd_completor
787 {
788 usbctlx_completor_t head;
789
790 const hfa384x_usb_cmdresp_t *cmdresp;
791 hfa384x_cmdresult_t *result;
792 };
793 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
794
usbctlx_cmd_completor_fn(usbctlx_completor_t * head)795 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
796 {
797 usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
798 return usbctlx_get_status(complete->cmdresp, complete->result);
799 }
800
801 static inline usbctlx_completor_t*
init_cmd_completor(usbctlx_cmd_completor_t * completor,const hfa384x_usb_cmdresp_t * cmdresp,hfa384x_cmdresult_t * result)802 init_cmd_completor(usbctlx_cmd_completor_t *completor,
803 const hfa384x_usb_cmdresp_t *cmdresp,
804 hfa384x_cmdresult_t *result)
805 {
806 completor->head.complete = usbctlx_cmd_completor_fn;
807 completor->cmdresp = cmdresp;
808 completor->result = result;
809 return &(completor->head);
810 }
811
812 /*----------------------------------------------------------------
813 * Completor object:
814 * This completor must be passed to hfa384x_usbctlx_complete_sync()
815 * when processing a CTLX that reads a RID.
816 ----------------------------------------------------------------*/
817 struct usbctlx_rrid_completor
818 {
819 usbctlx_completor_t head;
820
821 const hfa384x_usb_rridresp_t *rridresp;
822 void *riddata;
823 unsigned int riddatalen;
824 };
825 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
826
usbctlx_rrid_completor_fn(usbctlx_completor_t * head)827 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
828 {
829 usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
830 hfa384x_rridresult_t rridresult;
831
832 usbctlx_get_rridresult(complete->rridresp, &rridresult);
833
834 /* Validate the length, note body len calculation in bytes */
835 if ( rridresult.riddata_len != complete->riddatalen ) {
836 WLAN_LOG_WARNING(
837 "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
838 rridresult.rid,
839 complete->riddatalen,
840 rridresult.riddata_len);
841 return -ENODATA;
842 }
843
844 memcpy(complete->riddata,
845 rridresult.riddata,
846 complete->riddatalen);
847 return 0;
848 }
849
850 static inline usbctlx_completor_t*
init_rrid_completor(usbctlx_rrid_completor_t * completor,const hfa384x_usb_rridresp_t * rridresp,void * riddata,unsigned int riddatalen)851 init_rrid_completor(usbctlx_rrid_completor_t *completor,
852 const hfa384x_usb_rridresp_t *rridresp,
853 void *riddata,
854 unsigned int riddatalen)
855 {
856 completor->head.complete = usbctlx_rrid_completor_fn;
857 completor->rridresp = rridresp;
858 completor->riddata = riddata;
859 completor->riddatalen = riddatalen;
860 return &(completor->head);
861 }
862
863 /*----------------------------------------------------------------
864 * Completor object:
865 * Interprets the results of a synchronous RID-write
866 ----------------------------------------------------------------*/
867 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
868 #define init_wrid_completor init_cmd_completor
869
870 /*----------------------------------------------------------------
871 * Completor object:
872 * Interprets the results of a synchronous memory-write
873 ----------------------------------------------------------------*/
874 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
875 #define init_wmem_completor init_cmd_completor
876
877 /*----------------------------------------------------------------
878 * Completor object:
879 * Interprets the results of a synchronous memory-read
880 ----------------------------------------------------------------*/
881 struct usbctlx_rmem_completor
882 {
883 usbctlx_completor_t head;
884
885 const hfa384x_usb_rmemresp_t *rmemresp;
886 void *data;
887 unsigned int len;
888 };
889 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
890
usbctlx_rmem_completor_fn(usbctlx_completor_t * head)891 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
892 {
893 usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
894
895 WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
896 memcpy(complete->data, complete->rmemresp->data, complete->len);
897 return 0;
898 }
899
900 static inline usbctlx_completor_t*
init_rmem_completor(usbctlx_rmem_completor_t * completor,hfa384x_usb_rmemresp_t * rmemresp,void * data,unsigned int len)901 init_rmem_completor(usbctlx_rmem_completor_t *completor,
902 hfa384x_usb_rmemresp_t *rmemresp,
903 void *data,
904 unsigned int len)
905 {
906 completor->head.complete = usbctlx_rmem_completor_fn;
907 completor->rmemresp = rmemresp;
908 completor->data = data;
909 completor->len = len;
910 return &(completor->head);
911 }
912
913 /*----------------------------------------------------------------
914 * hfa384x_cb_status
915 *
916 * Ctlx_complete handler for async CMD type control exchanges.
917 * mark the hw struct as such.
918 *
919 * Note: If the handling is changed here, it should probably be
920 * changed in docmd as well.
921 *
922 * Arguments:
923 * hw hw struct
924 * ctlx completed CTLX
925 *
926 * Returns:
927 * nothing
928 *
929 * Side effects:
930 *
931 * Call context:
932 * interrupt
933 ----------------------------------------------------------------*/
934 static void
hfa384x_cb_status(hfa384x_t * hw,const hfa384x_usbctlx_t * ctlx)935 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
936 {
937 DBFENTER;
938
939 if ( ctlx->usercb != NULL ) {
940 hfa384x_cmdresult_t cmdresult;
941
942 if (ctlx->state != CTLX_COMPLETE) {
943 memset(&cmdresult, 0, sizeof(cmdresult));
944 cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
945 } else {
946 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
947 }
948
949 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
950 }
951
952 DBFEXIT;
953 }
954
955
956 /*----------------------------------------------------------------
957 * hfa384x_cb_rrid
958 *
959 * CTLX completion handler for async RRID type control exchanges.
960 *
961 * Note: If the handling is changed here, it should probably be
962 * changed in dorrid as well.
963 *
964 * Arguments:
965 * hw hw struct
966 * ctlx completed CTLX
967 *
968 * Returns:
969 * nothing
970 *
971 * Side effects:
972 *
973 * Call context:
974 * interrupt
975 ----------------------------------------------------------------*/
976 static void
hfa384x_cb_rrid(hfa384x_t * hw,const hfa384x_usbctlx_t * ctlx)977 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
978 {
979 DBFENTER;
980
981 if ( ctlx->usercb != NULL ) {
982 hfa384x_rridresult_t rridresult;
983
984 if (ctlx->state != CTLX_COMPLETE) {
985 memset(&rridresult, 0, sizeof(rridresult));
986 rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
987 } else {
988 usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
989 }
990
991 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
992 }
993
994 DBFEXIT;
995 }
996
997 static inline int
hfa384x_docmd_wait(hfa384x_t * hw,hfa384x_metacmd_t * cmd)998 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
999 {
1000 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
1001 }
1002
1003 static inline int
hfa384x_docmd_async(hfa384x_t * hw,hfa384x_metacmd_t * cmd,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1004 hfa384x_docmd_async(hfa384x_t *hw,
1005 hfa384x_metacmd_t *cmd,
1006 ctlx_cmdcb_t cmdcb,
1007 ctlx_usercb_t usercb,
1008 void *usercb_data)
1009 {
1010 return hfa384x_docmd(hw, DOASYNC, cmd,
1011 cmdcb, usercb, usercb_data);
1012 }
1013
1014 static inline int
hfa384x_dorrid_wait(hfa384x_t * hw,u16 rid,void * riddata,unsigned int riddatalen)1015 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1016 {
1017 return hfa384x_dorrid(hw, DOWAIT,
1018 rid, riddata, riddatalen,
1019 NULL, NULL, NULL);
1020 }
1021
1022 static inline int
hfa384x_dorrid_async(hfa384x_t * hw,u16 rid,void * riddata,unsigned int riddatalen,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1023 hfa384x_dorrid_async(hfa384x_t *hw,
1024 u16 rid, void *riddata, unsigned int riddatalen,
1025 ctlx_cmdcb_t cmdcb,
1026 ctlx_usercb_t usercb,
1027 void *usercb_data)
1028 {
1029 return hfa384x_dorrid(hw, DOASYNC,
1030 rid, riddata, riddatalen,
1031 cmdcb, usercb, usercb_data);
1032 }
1033
1034 static inline int
hfa384x_dowrid_wait(hfa384x_t * hw,u16 rid,void * riddata,unsigned int riddatalen)1035 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1036 {
1037 return hfa384x_dowrid(hw, DOWAIT,
1038 rid, riddata, riddatalen,
1039 NULL, NULL, NULL);
1040 }
1041
1042 static inline int
hfa384x_dowrid_async(hfa384x_t * hw,u16 rid,void * riddata,unsigned int riddatalen,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1043 hfa384x_dowrid_async(hfa384x_t *hw,
1044 u16 rid, void *riddata, unsigned int riddatalen,
1045 ctlx_cmdcb_t cmdcb,
1046 ctlx_usercb_t usercb,
1047 void *usercb_data)
1048 {
1049 return hfa384x_dowrid(hw, DOASYNC,
1050 rid, riddata, riddatalen,
1051 cmdcb, usercb, usercb_data);
1052 }
1053
1054 static inline int
hfa384x_dormem_wait(hfa384x_t * hw,u16 page,u16 offset,void * data,unsigned int len)1055 hfa384x_dormem_wait(hfa384x_t *hw,
1056 u16 page, u16 offset, void *data, unsigned int len)
1057 {
1058 return hfa384x_dormem(hw, DOWAIT,
1059 page, offset, data, len,
1060 NULL, NULL, NULL);
1061 }
1062
1063 static inline int
hfa384x_dormem_async(hfa384x_t * hw,u16 page,u16 offset,void * data,unsigned int len,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1064 hfa384x_dormem_async(hfa384x_t *hw,
1065 u16 page, u16 offset, void *data, unsigned int len,
1066 ctlx_cmdcb_t cmdcb,
1067 ctlx_usercb_t usercb,
1068 void *usercb_data)
1069 {
1070 return hfa384x_dormem(hw, DOASYNC,
1071 page, offset, data, len,
1072 cmdcb, usercb, usercb_data);
1073 }
1074
1075 static inline int
hfa384x_dowmem_wait(hfa384x_t * hw,u16 page,u16 offset,void * data,unsigned int len)1076 hfa384x_dowmem_wait(
1077 hfa384x_t *hw,
1078 u16 page,
1079 u16 offset,
1080 void *data,
1081 unsigned int len)
1082 {
1083 return hfa384x_dowmem(hw, DOWAIT,
1084 page, offset, data, len,
1085 NULL, NULL, NULL);
1086 }
1087
1088 static inline int
hfa384x_dowmem_async(hfa384x_t * hw,u16 page,u16 offset,void * data,unsigned int len,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1089 hfa384x_dowmem_async(
1090 hfa384x_t *hw,
1091 u16 page,
1092 u16 offset,
1093 void *data,
1094 unsigned int len,
1095 ctlx_cmdcb_t cmdcb,
1096 ctlx_usercb_t usercb,
1097 void *usercb_data)
1098 {
1099 return hfa384x_dowmem(hw, DOASYNC,
1100 page, offset, data, len,
1101 cmdcb, usercb, usercb_data);
1102 }
1103
1104 /*----------------------------------------------------------------
1105 * hfa384x_cmd_initialize
1106 *
1107 * Issues the initialize command and sets the hw->state based
1108 * on the result.
1109 *
1110 * Arguments:
1111 * hw device structure
1112 *
1113 * Returns:
1114 * 0 success
1115 * >0 f/w reported error - f/w status code
1116 * <0 driver reported error
1117 *
1118 * Side effects:
1119 *
1120 * Call context:
1121 * process
1122 ----------------------------------------------------------------*/
1123 int
hfa384x_cmd_initialize(hfa384x_t * hw)1124 hfa384x_cmd_initialize(hfa384x_t *hw)
1125 {
1126 int result = 0;
1127 int i;
1128 hfa384x_metacmd_t cmd;
1129
1130 DBFENTER;
1131
1132
1133 cmd.cmd = HFA384x_CMDCODE_INIT;
1134 cmd.parm0 = 0;
1135 cmd.parm1 = 0;
1136 cmd.parm2 = 0;
1137
1138 result = hfa384x_docmd_wait(hw, &cmd);
1139
1140
1141 WLAN_LOG_DEBUG(3,"cmdresp.init: "
1142 "status=0x%04x, resp0=0x%04x, "
1143 "resp1=0x%04x, resp2=0x%04x\n",
1144 cmd.result.status,
1145 cmd.result.resp0,
1146 cmd.result.resp1,
1147 cmd.result.resp2);
1148 if ( result == 0 ) {
1149 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
1150 hw->port_enabled[i] = 0;
1151 }
1152 }
1153
1154 hw->link_status = HFA384x_LINK_NOTCONNECTED;
1155
1156 DBFEXIT;
1157 return result;
1158 }
1159
1160
1161 /*----------------------------------------------------------------
1162 * hfa384x_cmd_disable
1163 *
1164 * Issues the disable command to stop communications on one of
1165 * the MACs 'ports'.
1166 *
1167 * Arguments:
1168 * hw device structure
1169 * macport MAC port number (host order)
1170 *
1171 * Returns:
1172 * 0 success
1173 * >0 f/w reported failure - f/w status code
1174 * <0 driver reported error (timeout|bad arg)
1175 *
1176 * Side effects:
1177 *
1178 * Call context:
1179 * process
1180 ----------------------------------------------------------------*/
hfa384x_cmd_disable(hfa384x_t * hw,u16 macport)1181 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
1182 {
1183 int result = 0;
1184 hfa384x_metacmd_t cmd;
1185
1186 DBFENTER;
1187
1188 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1189 HFA384x_CMD_MACPORT_SET(macport);
1190 cmd.parm0 = 0;
1191 cmd.parm1 = 0;
1192 cmd.parm2 = 0;
1193
1194 result = hfa384x_docmd_wait(hw, &cmd);
1195
1196 DBFEXIT;
1197 return result;
1198 }
1199
1200
1201 /*----------------------------------------------------------------
1202 * hfa384x_cmd_enable
1203 *
1204 * Issues the enable command to enable communications on one of
1205 * the MACs 'ports'.
1206 *
1207 * Arguments:
1208 * hw device structure
1209 * macport MAC port number
1210 *
1211 * Returns:
1212 * 0 success
1213 * >0 f/w reported failure - f/w status code
1214 * <0 driver reported error (timeout|bad arg)
1215 *
1216 * Side effects:
1217 *
1218 * Call context:
1219 * process
1220 ----------------------------------------------------------------*/
hfa384x_cmd_enable(hfa384x_t * hw,u16 macport)1221 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1222 {
1223 int result = 0;
1224 hfa384x_metacmd_t cmd;
1225
1226 DBFENTER;
1227
1228 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1229 HFA384x_CMD_MACPORT_SET(macport);
1230 cmd.parm0 = 0;
1231 cmd.parm1 = 0;
1232 cmd.parm2 = 0;
1233
1234 result = hfa384x_docmd_wait(hw, &cmd);
1235
1236 DBFEXIT;
1237 return result;
1238 }
1239
1240 /*----------------------------------------------------------------
1241 * hfa384x_cmd_monitor
1242 *
1243 * Enables the 'monitor mode' of the MAC. Here's the description of
1244 * monitor mode that I've received thus far:
1245 *
1246 * "The "monitor mode" of operation is that the MAC passes all
1247 * frames for which the PLCP checks are correct. All received
1248 * MPDUs are passed to the host with MAC Port = 7, with a
1249 * receive status of good, FCS error, or undecryptable. Passing
1250 * certain MPDUs is a violation of the 802.11 standard, but useful
1251 * for a debugging tool." Normal communication is not possible
1252 * while monitor mode is enabled.
1253 *
1254 * Arguments:
1255 * hw device structure
1256 * enable a code (0x0b|0x0f) that enables/disables
1257 * monitor mode. (host order)
1258 *
1259 * Returns:
1260 * 0 success
1261 * >0 f/w reported failure - f/w status code
1262 * <0 driver reported error (timeout|bad arg)
1263 *
1264 * Side effects:
1265 *
1266 * Call context:
1267 * process
1268 ----------------------------------------------------------------*/
hfa384x_cmd_monitor(hfa384x_t * hw,u16 enable)1269 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1270 {
1271 int result = 0;
1272 hfa384x_metacmd_t cmd;
1273
1274 DBFENTER;
1275
1276 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1277 HFA384x_CMD_AINFO_SET(enable);
1278 cmd.parm0 = 0;
1279 cmd.parm1 = 0;
1280 cmd.parm2 = 0;
1281
1282 result = hfa384x_docmd_wait(hw, &cmd);
1283
1284 DBFEXIT;
1285 return result;
1286 }
1287
1288
1289 /*----------------------------------------------------------------
1290 * hfa384x_cmd_download
1291 *
1292 * Sets the controls for the MAC controller code/data download
1293 * process. The arguments set the mode and address associated
1294 * with a download. Note that the aux registers should be enabled
1295 * prior to setting one of the download enable modes.
1296 *
1297 * Arguments:
1298 * hw device structure
1299 * mode 0 - Disable programming and begin code exec
1300 * 1 - Enable volatile mem programming
1301 * 2 - Enable non-volatile mem programming
1302 * 3 - Program non-volatile section from NV download
1303 * buffer.
1304 * (host order)
1305 * lowaddr
1306 * highaddr For mode 1, sets the high & low order bits of
1307 * the "destination address". This address will be
1308 * the execution start address when download is
1309 * subsequently disabled.
1310 * For mode 2, sets the high & low order bits of
1311 * the destination in NV ram.
1312 * For modes 0 & 3, should be zero. (host order)
1313 * NOTE: these are CMD format.
1314 * codelen Length of the data to write in mode 2,
1315 * zero otherwise. (host order)
1316 *
1317 * Returns:
1318 * 0 success
1319 * >0 f/w reported failure - f/w status code
1320 * <0 driver reported error (timeout|bad arg)
1321 *
1322 * Side effects:
1323 *
1324 * Call context:
1325 * process
1326 ----------------------------------------------------------------*/
hfa384x_cmd_download(hfa384x_t * hw,u16 mode,u16 lowaddr,u16 highaddr,u16 codelen)1327 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1328 u16 highaddr, u16 codelen)
1329 {
1330 int result = 0;
1331 hfa384x_metacmd_t cmd;
1332
1333 DBFENTER;
1334 WLAN_LOG_DEBUG(5,
1335 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1336 mode, lowaddr, highaddr, codelen);
1337
1338 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1339 HFA384x_CMD_PROGMODE_SET(mode));
1340
1341 cmd.parm0 = lowaddr;
1342 cmd.parm1 = highaddr;
1343 cmd.parm2 = codelen;
1344
1345 result = hfa384x_docmd_wait(hw, &cmd);
1346
1347 DBFEXIT;
1348 return result;
1349 }
1350
1351
1352 /*----------------------------------------------------------------
1353 * hfa384x_copy_from_aux
1354 *
1355 * Copies a collection of bytes from the controller memory. The
1356 * Auxiliary port MUST be enabled prior to calling this function.
1357 * We _might_ be in a download state.
1358 *
1359 * Arguments:
1360 * hw device structure
1361 * cardaddr address in hfa384x data space to read
1362 * auxctl address space select
1363 * buf ptr to destination host buffer
1364 * len length of data to transfer (in bytes)
1365 *
1366 * Returns:
1367 * nothing
1368 *
1369 * Side effects:
1370 * buf contains the data copied
1371 *
1372 * Call context:
1373 * process
1374 * interrupt
1375 ----------------------------------------------------------------*/
1376 void
hfa384x_copy_from_aux(hfa384x_t * hw,u32 cardaddr,u32 auxctl,void * buf,unsigned int len)1377 hfa384x_copy_from_aux(
1378 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1379 {
1380 DBFENTER;
1381 WLAN_LOG_ERROR("not used in USB.\n");
1382 DBFEXIT;
1383 }
1384
1385
1386 /*----------------------------------------------------------------
1387 * hfa384x_copy_to_aux
1388 *
1389 * Copies a collection of bytes to the controller memory. The
1390 * Auxiliary port MUST be enabled prior to calling this function.
1391 * We _might_ be in a download state.
1392 *
1393 * Arguments:
1394 * hw device structure
1395 * cardaddr address in hfa384x data space to read
1396 * auxctl address space select
1397 * buf ptr to destination host buffer
1398 * len length of data to transfer (in bytes)
1399 *
1400 * Returns:
1401 * nothing
1402 *
1403 * Side effects:
1404 * Controller memory now contains a copy of buf
1405 *
1406 * Call context:
1407 * process
1408 * interrupt
1409 ----------------------------------------------------------------*/
1410 void
hfa384x_copy_to_aux(hfa384x_t * hw,u32 cardaddr,u32 auxctl,void * buf,unsigned int len)1411 hfa384x_copy_to_aux(
1412 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1413 {
1414 DBFENTER;
1415 WLAN_LOG_ERROR("not used in USB.\n");
1416 DBFEXIT;
1417 }
1418
1419
1420 /*----------------------------------------------------------------
1421 * hfa384x_corereset
1422 *
1423 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1424 * structure is in its "created" state. That is, it is initialized
1425 * with proper values. Note that if a reset is done after the
1426 * device has been active for awhile, the caller might have to clean
1427 * up some leftover cruft in the hw structure.
1428 *
1429 * Arguments:
1430 * hw device structure
1431 * holdtime how long (in ms) to hold the reset
1432 * settletime how long (in ms) to wait after releasing
1433 * the reset
1434 *
1435 * Returns:
1436 * nothing
1437 *
1438 * Side effects:
1439 *
1440 * Call context:
1441 * process
1442 ----------------------------------------------------------------*/
hfa384x_corereset(hfa384x_t * hw,int holdtime,int settletime,int genesis)1443 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1444 {
1445 int result = 0;
1446
1447 DBFENTER;
1448
1449 result=usb_reset_device(hw->usb);
1450 if(result<0) {
1451 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
1452 }
1453
1454 DBFEXIT;
1455 return result;
1456 }
1457
1458
1459 /*----------------------------------------------------------------
1460 * hfa384x_usbctlx_complete_sync
1461 *
1462 * Waits for a synchronous CTLX object to complete,
1463 * and then handles the response.
1464 *
1465 * Arguments:
1466 * hw device structure
1467 * ctlx CTLX ptr
1468 * completor functor object to decide what to
1469 * do with the CTLX's result.
1470 *
1471 * Returns:
1472 * 0 Success
1473 * -ERESTARTSYS Interrupted by a signal
1474 * -EIO CTLX failed
1475 * -ENODEV Adapter was unplugged
1476 * ??? Result from completor
1477 *
1478 * Side effects:
1479 *
1480 * Call context:
1481 * process
1482 ----------------------------------------------------------------*/
hfa384x_usbctlx_complete_sync(hfa384x_t * hw,hfa384x_usbctlx_t * ctlx,usbctlx_completor_t * completor)1483 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1484 hfa384x_usbctlx_t *ctlx,
1485 usbctlx_completor_t *completor)
1486 {
1487 unsigned long flags;
1488 int result;
1489
1490 DBFENTER;
1491
1492 result = wait_for_completion_interruptible(&ctlx->done);
1493
1494 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1495
1496 /*
1497 * We can only handle the CTLX if the USB disconnect
1498 * function has not run yet ...
1499 */
1500 cleanup:
1501 if ( hw->wlandev->hwremoved )
1502 {
1503 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1504 result = -ENODEV;
1505 }
1506 else if ( result != 0 )
1507 {
1508 int runqueue = 0;
1509
1510 /*
1511 * We were probably interrupted, so delete
1512 * this CTLX asynchronously, kill the timers
1513 * and the URB, and then start the next
1514 * pending CTLX.
1515 *
1516 * NOTE: We can only delete the timers and
1517 * the URB if this CTLX is active.
1518 */
1519 if (ctlx == get_active_ctlx(hw))
1520 {
1521 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1522
1523 del_singleshot_timer_sync(&hw->reqtimer);
1524 del_singleshot_timer_sync(&hw->resptimer);
1525 hw->req_timer_done = 1;
1526 hw->resp_timer_done = 1;
1527 usb_kill_urb(&hw->ctlx_urb);
1528
1529 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1530
1531 runqueue = 1;
1532
1533 /*
1534 * This scenario is so unlikely that I'm
1535 * happy with a grubby "goto" solution ...
1536 */
1537 if ( hw->wlandev->hwremoved )
1538 goto cleanup;
1539 }
1540
1541 /*
1542 * The completion task will send this CTLX
1543 * to the reaper the next time it runs. We
1544 * are no longer in a hurry.
1545 */
1546 ctlx->reapable = 1;
1547 ctlx->state = CTLX_REQ_FAILED;
1548 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1549
1550 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1551
1552 if (runqueue)
1553 hfa384x_usbctlxq_run(hw);
1554 } else {
1555 if (ctlx->state == CTLX_COMPLETE) {
1556 result = completor->complete(completor);
1557 } else {
1558 WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
1559 hfa384x2host_16(ctlx->outbuf.type),
1560 ctlxstr(ctlx->state));
1561 result = -EIO;
1562 }
1563
1564 list_del(&ctlx->list);
1565 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1566 kfree(ctlx);
1567 }
1568
1569 DBFEXIT;
1570 return result;
1571 }
1572
1573 /*----------------------------------------------------------------
1574 * hfa384x_docmd
1575 *
1576 * Constructs a command CTLX and submits it.
1577 *
1578 * NOTE: Any changes to the 'post-submit' code in this function
1579 * need to be carried over to hfa384x_cbcmd() since the handling
1580 * is virtually identical.
1581 *
1582 * Arguments:
1583 * hw device structure
1584 * mode DOWAIT or DOASYNC
1585 * cmd cmd structure. Includes all arguments and result
1586 * data points. All in host order. in host order
1587 * cmdcb command-specific callback
1588 * usercb user callback for async calls, NULL for DOWAIT calls
1589 * usercb_data user supplied data pointer for async calls, NULL
1590 * for DOASYNC calls
1591 *
1592 * Returns:
1593 * 0 success
1594 * -EIO CTLX failure
1595 * -ERESTARTSYS Awakened on signal
1596 * >0 command indicated error, Status and Resp0-2 are
1597 * in hw structure.
1598 *
1599 * Side effects:
1600 *
1601 *
1602 * Call context:
1603 * process
1604 ----------------------------------------------------------------*/
1605 static int
hfa384x_docmd(hfa384x_t * hw,CMD_MODE mode,hfa384x_metacmd_t * cmd,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1606 hfa384x_docmd(
1607 hfa384x_t *hw,
1608 CMD_MODE mode,
1609 hfa384x_metacmd_t *cmd,
1610 ctlx_cmdcb_t cmdcb,
1611 ctlx_usercb_t usercb,
1612 void *usercb_data)
1613 {
1614 int result;
1615 hfa384x_usbctlx_t *ctlx;
1616
1617 DBFENTER;
1618 ctlx = usbctlx_alloc();
1619 if ( ctlx == NULL ) {
1620 result = -ENOMEM;
1621 goto done;
1622 }
1623
1624 /* Initialize the command */
1625 ctlx->outbuf.cmdreq.type = host2hfa384x_16(HFA384x_USB_CMDREQ);
1626 ctlx->outbuf.cmdreq.cmd = host2hfa384x_16(cmd->cmd);
1627 ctlx->outbuf.cmdreq.parm0 = host2hfa384x_16(cmd->parm0);
1628 ctlx->outbuf.cmdreq.parm1 = host2hfa384x_16(cmd->parm1);
1629 ctlx->outbuf.cmdreq.parm2 = host2hfa384x_16(cmd->parm2);
1630
1631 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1632
1633 WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
1634 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1635 cmd->cmd,
1636 cmd->parm0,
1637 cmd->parm1,
1638 cmd->parm2);
1639
1640 ctlx->reapable = mode;
1641 ctlx->cmdcb = cmdcb;
1642 ctlx->usercb = usercb;
1643 ctlx->usercb_data = usercb_data;
1644
1645 result = hfa384x_usbctlx_submit(hw, ctlx);
1646 if (result != 0) {
1647 kfree(ctlx);
1648 } else if (mode == DOWAIT) {
1649 usbctlx_cmd_completor_t completor;
1650
1651 result = hfa384x_usbctlx_complete_sync(
1652 hw, ctlx, init_cmd_completor(&completor,
1653 &ctlx->inbuf.cmdresp,
1654 &cmd->result) );
1655 }
1656
1657 done:
1658 DBFEXIT;
1659 return result;
1660 }
1661
1662
1663 /*----------------------------------------------------------------
1664 * hfa384x_dorrid
1665 *
1666 * Constructs a read rid CTLX and issues it.
1667 *
1668 * NOTE: Any changes to the 'post-submit' code in this function
1669 * need to be carried over to hfa384x_cbrrid() since the handling
1670 * is virtually identical.
1671 *
1672 * Arguments:
1673 * hw device structure
1674 * mode DOWAIT or DOASYNC
1675 * rid Read RID number (host order)
1676 * riddata Caller supplied buffer that MAC formatted RID.data
1677 * record will be written to for DOWAIT calls. Should
1678 * be NULL for DOASYNC calls.
1679 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1680 * cmdcb command callback for async calls, NULL for DOWAIT calls
1681 * usercb user callback for async calls, NULL for DOWAIT calls
1682 * usercb_data user supplied data pointer for async calls, NULL
1683 * for DOWAIT calls
1684 *
1685 * Returns:
1686 * 0 success
1687 * -EIO CTLX failure
1688 * -ERESTARTSYS Awakened on signal
1689 * -ENODATA riddatalen != macdatalen
1690 * >0 command indicated error, Status and Resp0-2 are
1691 * in hw structure.
1692 *
1693 * Side effects:
1694 *
1695 * Call context:
1696 * interrupt (DOASYNC)
1697 * process (DOWAIT or DOASYNC)
1698 ----------------------------------------------------------------*/
1699 static int
hfa384x_dorrid(hfa384x_t * hw,CMD_MODE mode,u16 rid,void * riddata,unsigned int riddatalen,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1700 hfa384x_dorrid(
1701 hfa384x_t *hw,
1702 CMD_MODE mode,
1703 u16 rid,
1704 void *riddata,
1705 unsigned int riddatalen,
1706 ctlx_cmdcb_t cmdcb,
1707 ctlx_usercb_t usercb,
1708 void *usercb_data)
1709 {
1710 int result;
1711 hfa384x_usbctlx_t *ctlx;
1712
1713 DBFENTER;
1714 ctlx = usbctlx_alloc();
1715 if ( ctlx == NULL ) {
1716 result = -ENOMEM;
1717 goto done;
1718 }
1719
1720 /* Initialize the command */
1721 ctlx->outbuf.rridreq.type = host2hfa384x_16(HFA384x_USB_RRIDREQ);
1722 ctlx->outbuf.rridreq.frmlen =
1723 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
1724 ctlx->outbuf.rridreq.rid = host2hfa384x_16(rid);
1725
1726 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1727
1728 ctlx->reapable = mode;
1729 ctlx->cmdcb = cmdcb;
1730 ctlx->usercb = usercb;
1731 ctlx->usercb_data = usercb_data;
1732
1733 /* Submit the CTLX */
1734 result = hfa384x_usbctlx_submit(hw, ctlx);
1735 if (result != 0) {
1736 kfree(ctlx);
1737 } else if (mode == DOWAIT) {
1738 usbctlx_rrid_completor_t completor;
1739
1740 result = hfa384x_usbctlx_complete_sync(
1741 hw, ctlx, init_rrid_completor(&completor,
1742 &ctlx->inbuf.rridresp,
1743 riddata,
1744 riddatalen) );
1745 }
1746
1747 done:
1748 DBFEXIT;
1749 return result;
1750 }
1751
1752
1753 /*----------------------------------------------------------------
1754 * hfa384x_dowrid
1755 *
1756 * Constructs a write rid CTLX and issues it.
1757 *
1758 * NOTE: Any changes to the 'post-submit' code in this function
1759 * need to be carried over to hfa384x_cbwrid() since the handling
1760 * is virtually identical.
1761 *
1762 * Arguments:
1763 * hw device structure
1764 * CMD_MODE DOWAIT or DOASYNC
1765 * rid RID code
1766 * riddata Data portion of RID formatted for MAC
1767 * riddatalen Length of the data portion in bytes
1768 * cmdcb command callback for async calls, NULL for DOWAIT calls
1769 * usercb user callback for async calls, NULL for DOWAIT calls
1770 * usercb_data user supplied data pointer for async calls
1771 *
1772 * Returns:
1773 * 0 success
1774 * -ETIMEDOUT timed out waiting for register ready or
1775 * command completion
1776 * >0 command indicated error, Status and Resp0-2 are
1777 * in hw structure.
1778 *
1779 * Side effects:
1780 *
1781 * Call context:
1782 * interrupt (DOASYNC)
1783 * process (DOWAIT or DOASYNC)
1784 ----------------------------------------------------------------*/
1785 static int
hfa384x_dowrid(hfa384x_t * hw,CMD_MODE mode,u16 rid,void * riddata,unsigned int riddatalen,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1786 hfa384x_dowrid(
1787 hfa384x_t *hw,
1788 CMD_MODE mode,
1789 u16 rid,
1790 void *riddata,
1791 unsigned int riddatalen,
1792 ctlx_cmdcb_t cmdcb,
1793 ctlx_usercb_t usercb,
1794 void *usercb_data)
1795 {
1796 int result;
1797 hfa384x_usbctlx_t *ctlx;
1798
1799 DBFENTER;
1800 ctlx = usbctlx_alloc();
1801 if ( ctlx == NULL ) {
1802 result = -ENOMEM;
1803 goto done;
1804 }
1805
1806 /* Initialize the command */
1807 ctlx->outbuf.wridreq.type = host2hfa384x_16(HFA384x_USB_WRIDREQ);
1808 ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
1809 (sizeof(ctlx->outbuf.wridreq.rid) +
1810 riddatalen + 1) / 2);
1811 ctlx->outbuf.wridreq.rid = host2hfa384x_16(rid);
1812 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1813
1814 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1815 sizeof(ctlx->outbuf.wridreq.frmlen) +
1816 sizeof(ctlx->outbuf.wridreq.rid) +
1817 riddatalen;
1818
1819 ctlx->reapable = mode;
1820 ctlx->cmdcb = cmdcb;
1821 ctlx->usercb = usercb;
1822 ctlx->usercb_data = usercb_data;
1823
1824 /* Submit the CTLX */
1825 result = hfa384x_usbctlx_submit(hw, ctlx);
1826 if (result != 0) {
1827 kfree(ctlx);
1828 } else if (mode == DOWAIT) {
1829 usbctlx_wrid_completor_t completor;
1830 hfa384x_cmdresult_t wridresult;
1831
1832 result = hfa384x_usbctlx_complete_sync(
1833 hw,
1834 ctlx,
1835 init_wrid_completor(&completor,
1836 &ctlx->inbuf.wridresp,
1837 &wridresult) );
1838 }
1839
1840 done:
1841 DBFEXIT;
1842 return result;
1843 }
1844
1845 /*----------------------------------------------------------------
1846 * hfa384x_dormem
1847 *
1848 * Constructs a readmem CTLX and issues it.
1849 *
1850 * NOTE: Any changes to the 'post-submit' code in this function
1851 * need to be carried over to hfa384x_cbrmem() since the handling
1852 * is virtually identical.
1853 *
1854 * Arguments:
1855 * hw device structure
1856 * mode DOWAIT or DOASYNC
1857 * page MAC address space page (CMD format)
1858 * offset MAC address space offset
1859 * data Ptr to data buffer to receive read
1860 * len Length of the data to read (max == 2048)
1861 * cmdcb command callback for async calls, NULL for DOWAIT calls
1862 * usercb user callback for async calls, NULL for DOWAIT calls
1863 * usercb_data user supplied data pointer for async calls
1864 *
1865 * Returns:
1866 * 0 success
1867 * -ETIMEDOUT timed out waiting for register ready or
1868 * command completion
1869 * >0 command indicated error, Status and Resp0-2 are
1870 * in hw structure.
1871 *
1872 * Side effects:
1873 *
1874 * Call context:
1875 * interrupt (DOASYNC)
1876 * process (DOWAIT or DOASYNC)
1877 ----------------------------------------------------------------*/
1878 static int
hfa384x_dormem(hfa384x_t * hw,CMD_MODE mode,u16 page,u16 offset,void * data,unsigned int len,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1879 hfa384x_dormem(
1880 hfa384x_t *hw,
1881 CMD_MODE mode,
1882 u16 page,
1883 u16 offset,
1884 void *data,
1885 unsigned int len,
1886 ctlx_cmdcb_t cmdcb,
1887 ctlx_usercb_t usercb,
1888 void *usercb_data)
1889 {
1890 int result;
1891 hfa384x_usbctlx_t *ctlx;
1892
1893 DBFENTER;
1894 ctlx = usbctlx_alloc();
1895 if ( ctlx == NULL ) {
1896 result = -ENOMEM;
1897 goto done;
1898 }
1899
1900 /* Initialize the command */
1901 ctlx->outbuf.rmemreq.type = host2hfa384x_16(HFA384x_USB_RMEMREQ);
1902 ctlx->outbuf.rmemreq.frmlen = host2hfa384x_16(
1903 sizeof(ctlx->outbuf.rmemreq.offset) +
1904 sizeof(ctlx->outbuf.rmemreq.page) +
1905 len);
1906 ctlx->outbuf.rmemreq.offset = host2hfa384x_16(offset);
1907 ctlx->outbuf.rmemreq.page = host2hfa384x_16(page);
1908
1909 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1910
1911 WLAN_LOG_DEBUG(4,
1912 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1913 ctlx->outbuf.rmemreq.type,
1914 ctlx->outbuf.rmemreq.frmlen,
1915 ctlx->outbuf.rmemreq.offset,
1916 ctlx->outbuf.rmemreq.page);
1917
1918 WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
1919 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1920
1921 ctlx->reapable = mode;
1922 ctlx->cmdcb = cmdcb;
1923 ctlx->usercb = usercb;
1924 ctlx->usercb_data = usercb_data;
1925
1926 result = hfa384x_usbctlx_submit(hw, ctlx);
1927 if (result != 0) {
1928 kfree(ctlx);
1929 } else if ( mode == DOWAIT ) {
1930 usbctlx_rmem_completor_t completor;
1931
1932 result = hfa384x_usbctlx_complete_sync(
1933 hw, ctlx, init_rmem_completor(&completor,
1934 &ctlx->inbuf.rmemresp,
1935 data,
1936 len) );
1937 }
1938
1939 done:
1940 DBFEXIT;
1941 return result;
1942 }
1943
1944
1945
1946 /*----------------------------------------------------------------
1947 * hfa384x_dowmem
1948 *
1949 * Constructs a writemem CTLX and issues it.
1950 *
1951 * NOTE: Any changes to the 'post-submit' code in this function
1952 * need to be carried over to hfa384x_cbwmem() since the handling
1953 * is virtually identical.
1954 *
1955 * Arguments:
1956 * hw device structure
1957 * mode DOWAIT or DOASYNC
1958 * page MAC address space page (CMD format)
1959 * offset MAC address space offset
1960 * data Ptr to data buffer containing write data
1961 * len Length of the data to read (max == 2048)
1962 * cmdcb command callback for async calls, NULL for DOWAIT calls
1963 * usercb user callback for async calls, NULL for DOWAIT calls
1964 * usercb_data user supplied data pointer for async calls.
1965 *
1966 * Returns:
1967 * 0 success
1968 * -ETIMEDOUT timed out waiting for register ready or
1969 * command completion
1970 * >0 command indicated error, Status and Resp0-2 are
1971 * in hw structure.
1972 *
1973 * Side effects:
1974 *
1975 * Call context:
1976 * interrupt (DOWAIT)
1977 * process (DOWAIT or DOASYNC)
1978 ----------------------------------------------------------------*/
1979 static int
hfa384x_dowmem(hfa384x_t * hw,CMD_MODE mode,u16 page,u16 offset,void * data,unsigned int len,ctlx_cmdcb_t cmdcb,ctlx_usercb_t usercb,void * usercb_data)1980 hfa384x_dowmem(
1981 hfa384x_t *hw,
1982 CMD_MODE mode,
1983 u16 page,
1984 u16 offset,
1985 void *data,
1986 unsigned int len,
1987 ctlx_cmdcb_t cmdcb,
1988 ctlx_usercb_t usercb,
1989 void *usercb_data)
1990 {
1991 int result;
1992 hfa384x_usbctlx_t *ctlx;
1993
1994 DBFENTER;
1995 WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
1996 page,offset,len);
1997
1998 ctlx = usbctlx_alloc();
1999 if ( ctlx == NULL ) {
2000 result = -ENOMEM;
2001 goto done;
2002 }
2003
2004 /* Initialize the command */
2005 ctlx->outbuf.wmemreq.type = host2hfa384x_16(HFA384x_USB_WMEMREQ);
2006 ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
2007 sizeof(ctlx->outbuf.wmemreq.offset) +
2008 sizeof(ctlx->outbuf.wmemreq.page) +
2009 len);
2010 ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
2011 ctlx->outbuf.wmemreq.page = host2hfa384x_16(page);
2012 memcpy(ctlx->outbuf.wmemreq.data, data, len);
2013
2014 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
2015 sizeof(ctlx->outbuf.wmemreq.frmlen) +
2016 sizeof(ctlx->outbuf.wmemreq.offset) +
2017 sizeof(ctlx->outbuf.wmemreq.page) +
2018 len;
2019
2020 ctlx->reapable = mode;
2021 ctlx->cmdcb = cmdcb;
2022 ctlx->usercb = usercb;
2023 ctlx->usercb_data = usercb_data;
2024
2025 result = hfa384x_usbctlx_submit(hw, ctlx);
2026 if (result != 0) {
2027 kfree(ctlx);
2028 } else if ( mode == DOWAIT ) {
2029 usbctlx_wmem_completor_t completor;
2030 hfa384x_cmdresult_t wmemresult;
2031
2032 result = hfa384x_usbctlx_complete_sync(
2033 hw,
2034 ctlx,
2035 init_wmem_completor(&completor,
2036 &ctlx->inbuf.wmemresp,
2037 &wmemresult) );
2038 }
2039
2040 done:
2041 DBFEXIT;
2042 return result;
2043 }
2044
2045
2046 /*----------------------------------------------------------------
2047 * hfa384x_drvr_commtallies
2048 *
2049 * Send a commtallies inquiry to the MAC. Note that this is an async
2050 * call that will result in an info frame arriving sometime later.
2051 *
2052 * Arguments:
2053 * hw device structure
2054 *
2055 * Returns:
2056 * zero success.
2057 *
2058 * Side effects:
2059 *
2060 * Call context:
2061 * process
2062 ----------------------------------------------------------------*/
hfa384x_drvr_commtallies(hfa384x_t * hw)2063 int hfa384x_drvr_commtallies( hfa384x_t *hw )
2064 {
2065 hfa384x_metacmd_t cmd;
2066
2067 DBFENTER;
2068
2069 cmd.cmd = HFA384x_CMDCODE_INQ;
2070 cmd.parm0 = HFA384x_IT_COMMTALLIES;
2071 cmd.parm1 = 0;
2072 cmd.parm2 = 0;
2073
2074 hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
2075
2076 DBFEXIT;
2077 return 0;
2078 }
2079
2080
2081 /*----------------------------------------------------------------
2082 * hfa384x_drvr_disable
2083 *
2084 * Issues the disable command to stop communications on one of
2085 * the MACs 'ports'. Only macport 0 is valid for stations.
2086 * APs may also disable macports 1-6. Only ports that have been
2087 * previously enabled may be disabled.
2088 *
2089 * Arguments:
2090 * hw device structure
2091 * macport MAC port number (host order)
2092 *
2093 * Returns:
2094 * 0 success
2095 * >0 f/w reported failure - f/w status code
2096 * <0 driver reported error (timeout|bad arg)
2097 *
2098 * Side effects:
2099 *
2100 * Call context:
2101 * process
2102 ----------------------------------------------------------------*/
hfa384x_drvr_disable(hfa384x_t * hw,u16 macport)2103 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
2104 {
2105 int result = 0;
2106
2107 DBFENTER;
2108 if ((!hw->isap && macport != 0) ||
2109 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2110 !(hw->port_enabled[macport]) ){
2111 result = -EINVAL;
2112 } else {
2113 result = hfa384x_cmd_disable(hw, macport);
2114 if ( result == 0 ) {
2115 hw->port_enabled[macport] = 0;
2116 }
2117 }
2118 DBFEXIT;
2119 return result;
2120 }
2121
2122
2123 /*----------------------------------------------------------------
2124 * hfa384x_drvr_enable
2125 *
2126 * Issues the enable command to enable communications on one of
2127 * the MACs 'ports'. Only macport 0 is valid for stations.
2128 * APs may also enable macports 1-6. Only ports that are currently
2129 * disabled may be enabled.
2130 *
2131 * Arguments:
2132 * hw device structure
2133 * macport MAC port number
2134 *
2135 * Returns:
2136 * 0 success
2137 * >0 f/w reported failure - f/w status code
2138 * <0 driver reported error (timeout|bad arg)
2139 *
2140 * Side effects:
2141 *
2142 * Call context:
2143 * process
2144 ----------------------------------------------------------------*/
hfa384x_drvr_enable(hfa384x_t * hw,u16 macport)2145 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
2146 {
2147 int result = 0;
2148
2149 DBFENTER;
2150 if ((!hw->isap && macport != 0) ||
2151 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2152 (hw->port_enabled[macport]) ){
2153 result = -EINVAL;
2154 } else {
2155 result = hfa384x_cmd_enable(hw, macport);
2156 if ( result == 0 ) {
2157 hw->port_enabled[macport] = 1;
2158 }
2159 }
2160 DBFEXIT;
2161 return result;
2162 }
2163
2164
2165 /*----------------------------------------------------------------
2166 * hfa384x_drvr_flashdl_enable
2167 *
2168 * Begins the flash download state. Checks to see that we're not
2169 * already in a download state and that a port isn't enabled.
2170 * Sets the download state and retrieves the flash download
2171 * buffer location, buffer size, and timeout length.
2172 *
2173 * Arguments:
2174 * hw device structure
2175 *
2176 * Returns:
2177 * 0 success
2178 * >0 f/w reported error - f/w status code
2179 * <0 driver reported error
2180 *
2181 * Side effects:
2182 *
2183 * Call context:
2184 * process
2185 ----------------------------------------------------------------*/
hfa384x_drvr_flashdl_enable(hfa384x_t * hw)2186 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
2187 {
2188 int result = 0;
2189 int i;
2190
2191 DBFENTER;
2192 /* Check that a port isn't active */
2193 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2194 if ( hw->port_enabled[i] ) {
2195 WLAN_LOG_DEBUG(1,"called when port enabled.\n");
2196 return -EINVAL;
2197 }
2198 }
2199
2200 /* Check that we're not already in a download state */
2201 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2202 return -EINVAL;
2203 }
2204
2205 /* Retrieve the buffer loc&size and timeout */
2206 if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
2207 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
2208 return result;
2209 }
2210 hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
2211 hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
2212 hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
2213 if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
2214 &(hw->dltimeout))) ) {
2215 return result;
2216 }
2217 hw->dltimeout = hfa384x2host_16(hw->dltimeout);
2218
2219 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2220
2221 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
2222 DBFEXIT;
2223 return result;
2224 }
2225
2226
2227 /*----------------------------------------------------------------
2228 * hfa384x_drvr_flashdl_disable
2229 *
2230 * Ends the flash download state. Note that this will cause the MAC
2231 * firmware to restart.
2232 *
2233 * Arguments:
2234 * hw device structure
2235 *
2236 * Returns:
2237 * 0 success
2238 * >0 f/w reported error - f/w status code
2239 * <0 driver reported error
2240 *
2241 * Side effects:
2242 *
2243 * Call context:
2244 * process
2245 ----------------------------------------------------------------*/
hfa384x_drvr_flashdl_disable(hfa384x_t * hw)2246 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
2247 {
2248 DBFENTER;
2249 /* Check that we're already in the download state */
2250 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2251 return -EINVAL;
2252 }
2253
2254 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2255
2256 /* There isn't much we can do at this point, so I don't */
2257 /* bother w/ the return value */
2258 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2259 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2260
2261 DBFEXIT;
2262 return 0;
2263 }
2264
2265
2266 /*----------------------------------------------------------------
2267 * hfa384x_drvr_flashdl_write
2268 *
2269 * Performs a FLASH download of a chunk of data. First checks to see
2270 * that we're in the FLASH download state, then sets the download
2271 * mode, uses the aux functions to 1) copy the data to the flash
2272 * buffer, 2) sets the download 'write flash' mode, 3) readback and
2273 * compare. Lather rinse, repeat as many times an necessary to get
2274 * all the given data into flash.
2275 * When all data has been written using this function (possibly
2276 * repeatedly), call drvr_flashdl_disable() to end the download state
2277 * and restart the MAC.
2278 *
2279 * Arguments:
2280 * hw device structure
2281 * daddr Card address to write to. (host order)
2282 * buf Ptr to data to write.
2283 * len Length of data (host order).
2284 *
2285 * Returns:
2286 * 0 success
2287 * >0 f/w reported error - f/w status code
2288 * <0 driver reported error
2289 *
2290 * Side effects:
2291 *
2292 * Call context:
2293 * process
2294 ----------------------------------------------------------------*/
2295 int
hfa384x_drvr_flashdl_write(hfa384x_t * hw,u32 daddr,void * buf,u32 len)2296 hfa384x_drvr_flashdl_write(
2297 hfa384x_t *hw,
2298 u32 daddr,
2299 void *buf,
2300 u32 len)
2301 {
2302 int result = 0;
2303 u32 dlbufaddr;
2304 int nburns;
2305 u32 burnlen;
2306 u32 burndaddr;
2307 u16 burnlo;
2308 u16 burnhi;
2309 int nwrites;
2310 u8 *writebuf;
2311 u16 writepage;
2312 u16 writeoffset;
2313 u32 writelen;
2314 int i;
2315 int j;
2316
2317 DBFENTER;
2318 WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
2319
2320 /* Check that we're in the flash download state */
2321 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2322 return -EINVAL;
2323 }
2324
2325 WLAN_LOG_INFO("Download %d bytes to flash @0x%06x\n", len, daddr);
2326
2327 /* Convert to flat address for arithmetic */
2328 /* NOTE: dlbuffer RID stores the address in AUX format */
2329 dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
2330 hw->bufinfo.page, hw->bufinfo.offset);
2331 WLAN_LOG_DEBUG(5,
2332 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2333 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2334
2335 #if 0
2336 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
2337 #endif
2338 /* Calculations to determine how many fills of the dlbuffer to do
2339 * and how many USB wmemreq's to do for each fill. At this point
2340 * in time, the dlbuffer size and the wmemreq size are the same.
2341 * Therefore, nwrites should always be 1. The extra complexity
2342 * here is a hedge against future changes.
2343 */
2344
2345 /* Figure out how many times to do the flash programming */
2346 nburns = len / hw->bufinfo.len;
2347 nburns += (len % hw->bufinfo.len) ? 1 : 0;
2348
2349 /* For each flash program cycle, how many USB wmemreq's are needed? */
2350 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2351 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2352
2353 /* For each burn */
2354 for ( i = 0; i < nburns; i++) {
2355 /* Get the dest address and len */
2356 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2357 hw->bufinfo.len :
2358 (len - (hw->bufinfo.len * i));
2359 burndaddr = daddr + (hw->bufinfo.len * i);
2360 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2361 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2362
2363 WLAN_LOG_INFO("Writing %d bytes to flash @0x%06x\n",
2364 burnlen, burndaddr);
2365
2366 /* Set the download mode */
2367 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2368 burnlo, burnhi, burnlen);
2369 if ( result ) {
2370 WLAN_LOG_ERROR("download(NV,lo=%x,hi=%x,len=%x) "
2371 "cmd failed, result=%d. Aborting d/l\n",
2372 burnlo, burnhi, burnlen, result);
2373 goto exit_proc;
2374 }
2375
2376 /* copy the data to the flash download buffer */
2377 for ( j=0; j < nwrites; j++) {
2378 writebuf = buf +
2379 (i*hw->bufinfo.len) +
2380 (j*HFA384x_USB_RWMEM_MAXLEN);
2381
2382 writepage = HFA384x_ADDR_CMD_MKPAGE(
2383 dlbufaddr +
2384 (j*HFA384x_USB_RWMEM_MAXLEN));
2385 writeoffset = HFA384x_ADDR_CMD_MKOFF(
2386 dlbufaddr +
2387 (j*HFA384x_USB_RWMEM_MAXLEN));
2388
2389 writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
2390 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2391 HFA384x_USB_RWMEM_MAXLEN :
2392 writelen;
2393
2394 result = hfa384x_dowmem_wait( hw,
2395 writepage,
2396 writeoffset,
2397 writebuf,
2398 writelen );
2399 #if 0
2400
2401 Comment out for debugging, assume the write was successful.
2402 if (result) {
2403 WLAN_LOG_ERROR(
2404 "Write to dl buffer failed, "
2405 "result=0x%04x. Aborting.\n",
2406 result);
2407 goto exit_proc;
2408 }
2409 #endif
2410
2411 }
2412
2413 /* set the download 'write flash' mode */
2414 result = hfa384x_cmd_download(hw,
2415 HFA384x_PROGMODE_NVWRITE,
2416 0,0,0);
2417 if ( result ) {
2418 WLAN_LOG_ERROR(
2419 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2420 "cmd failed, result=%d. Aborting d/l\n",
2421 burnlo, burnhi, burnlen, result);
2422 goto exit_proc;
2423 }
2424
2425 /* TODO: We really should do a readback and compare. */
2426 }
2427
2428 exit_proc:
2429
2430 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2431 /* actually disable programming mode. Remember, that will cause the */
2432 /* the firmware to effectively reset itself. */
2433
2434 DBFEXIT;
2435 return result;
2436 }
2437
2438
2439 /*----------------------------------------------------------------
2440 * hfa384x_drvr_getconfig
2441 *
2442 * Performs the sequence necessary to read a config/info item.
2443 *
2444 * Arguments:
2445 * hw device structure
2446 * rid config/info record id (host order)
2447 * buf host side record buffer. Upon return it will
2448 * contain the body portion of the record (minus the
2449 * RID and len).
2450 * len buffer length (in bytes, should match record length)
2451 *
2452 * Returns:
2453 * 0 success
2454 * >0 f/w reported error - f/w status code
2455 * <0 driver reported error
2456 * -ENODATA length mismatch between argument and retrieved
2457 * record.
2458 *
2459 * Side effects:
2460 *
2461 * Call context:
2462 * process
2463 ----------------------------------------------------------------*/
hfa384x_drvr_getconfig(hfa384x_t * hw,u16 rid,void * buf,u16 len)2464 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2465 {
2466 int result;
2467 DBFENTER;
2468
2469 result = hfa384x_dorrid_wait(hw, rid, buf, len);
2470
2471 DBFEXIT;
2472 return result;
2473 }
2474
2475 /*----------------------------------------------------------------
2476 * hfa384x_drvr_getconfig_async
2477 *
2478 * Performs the sequence necessary to perform an async read of
2479 * of a config/info item.
2480 *
2481 * Arguments:
2482 * hw device structure
2483 * rid config/info record id (host order)
2484 * buf host side record buffer. Upon return it will
2485 * contain the body portion of the record (minus the
2486 * RID and len).
2487 * len buffer length (in bytes, should match record length)
2488 * cbfn caller supplied callback, called when the command
2489 * is done (successful or not).
2490 * cbfndata pointer to some caller supplied data that will be
2491 * passed in as an argument to the cbfn.
2492 *
2493 * Returns:
2494 * nothing the cbfn gets a status argument identifying if
2495 * any errors occur.
2496 * Side effects:
2497 * Queues an hfa384x_usbcmd_t for subsequent execution.
2498 *
2499 * Call context:
2500 * Any
2501 ----------------------------------------------------------------*/
2502 int
hfa384x_drvr_getconfig_async(hfa384x_t * hw,u16 rid,ctlx_usercb_t usercb,void * usercb_data)2503 hfa384x_drvr_getconfig_async(
2504 hfa384x_t *hw,
2505 u16 rid,
2506 ctlx_usercb_t usercb,
2507 void *usercb_data)
2508 {
2509 return hfa384x_dorrid_async(hw, rid, NULL, 0,
2510 hfa384x_cb_rrid, usercb, usercb_data);
2511 }
2512
2513 /*----------------------------------------------------------------
2514 * hfa384x_drvr_setconfig_async
2515 *
2516 * Performs the sequence necessary to write a config/info item.
2517 *
2518 * Arguments:
2519 * hw device structure
2520 * rid config/info record id (in host order)
2521 * buf host side record buffer
2522 * len buffer length (in bytes)
2523 * usercb completion callback
2524 * usercb_data completion callback argument
2525 *
2526 * Returns:
2527 * 0 success
2528 * >0 f/w reported error - f/w status code
2529 * <0 driver reported error
2530 *
2531 * Side effects:
2532 *
2533 * Call context:
2534 * process
2535 ----------------------------------------------------------------*/
2536 int
hfa384x_drvr_setconfig_async(hfa384x_t * hw,u16 rid,void * buf,u16 len,ctlx_usercb_t usercb,void * usercb_data)2537 hfa384x_drvr_setconfig_async(
2538 hfa384x_t *hw,
2539 u16 rid,
2540 void *buf,
2541 u16 len,
2542 ctlx_usercb_t usercb,
2543 void *usercb_data)
2544 {
2545 return hfa384x_dowrid_async(hw, rid, buf, len,
2546 hfa384x_cb_status, usercb, usercb_data);
2547 }
2548
2549 /*----------------------------------------------------------------
2550 * hfa384x_drvr_handover
2551 *
2552 * Sends a handover notification to the MAC.
2553 *
2554 * Arguments:
2555 * hw device structure
2556 * addr address of station that's left
2557 *
2558 * Returns:
2559 * zero success.
2560 * -ERESTARTSYS received signal while waiting for semaphore.
2561 * -EIO failed to write to bap, or failed in cmd.
2562 *
2563 * Side effects:
2564 *
2565 * Call context:
2566 * process
2567 ----------------------------------------------------------------*/
hfa384x_drvr_handover(hfa384x_t * hw,u8 * addr)2568 int hfa384x_drvr_handover( hfa384x_t *hw, u8 *addr)
2569 {
2570 DBFENTER;
2571 WLAN_LOG_ERROR("Not currently supported in USB!\n");
2572 DBFEXIT;
2573 return -EIO;
2574 }
2575
2576 /*----------------------------------------------------------------
2577 * hfa384x_drvr_low_level
2578 *
2579 * Write test commands to the card. Some test commands don't make
2580 * sense without prior set-up. For example, continous TX isn't very
2581 * useful until you set the channel. That functionality should be
2582 *
2583 * Side effects:
2584 *
2585 * Call context:
2586 * process thread
2587 * -----------------------------------------------------------------*/
hfa384x_drvr_low_level(hfa384x_t * hw,hfa384x_metacmd_t * cmd)2588 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
2589 {
2590 int result;
2591 DBFENTER;
2592
2593 /* Do i need a host2hfa... conversion ? */
2594
2595 result = hfa384x_docmd_wait(hw, cmd);
2596
2597 DBFEXIT;
2598 return result;
2599 }
2600
2601 /*----------------------------------------------------------------
2602 * hfa384x_drvr_ramdl_disable
2603 *
2604 * Ends the ram download state.
2605 *
2606 * Arguments:
2607 * hw device structure
2608 *
2609 * Returns:
2610 * 0 success
2611 * >0 f/w reported error - f/w status code
2612 * <0 driver reported error
2613 *
2614 * Side effects:
2615 *
2616 * Call context:
2617 * process
2618 ----------------------------------------------------------------*/
2619 int
hfa384x_drvr_ramdl_disable(hfa384x_t * hw)2620 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2621 {
2622 DBFENTER;
2623 /* Check that we're already in the download state */
2624 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2625 return -EINVAL;
2626 }
2627
2628 WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
2629
2630 /* There isn't much we can do at this point, so I don't */
2631 /* bother w/ the return value */
2632 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2633 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2634
2635 DBFEXIT;
2636 return 0;
2637 }
2638
2639
2640 /*----------------------------------------------------------------
2641 * hfa384x_drvr_ramdl_enable
2642 *
2643 * Begins the ram download state. Checks to see that we're not
2644 * already in a download state and that a port isn't enabled.
2645 * Sets the download state and calls cmd_download with the
2646 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2647 *
2648 * Arguments:
2649 * hw device structure
2650 * exeaddr the card execution address that will be
2651 * jumped to when ramdl_disable() is called
2652 * (host order).
2653 *
2654 * Returns:
2655 * 0 success
2656 * >0 f/w reported error - f/w status code
2657 * <0 driver reported error
2658 *
2659 * Side effects:
2660 *
2661 * Call context:
2662 * process
2663 ----------------------------------------------------------------*/
2664 int
hfa384x_drvr_ramdl_enable(hfa384x_t * hw,u32 exeaddr)2665 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2666 {
2667 int result = 0;
2668 u16 lowaddr;
2669 u16 hiaddr;
2670 int i;
2671 DBFENTER;
2672 /* Check that a port isn't active */
2673 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2674 if ( hw->port_enabled[i] ) {
2675 WLAN_LOG_ERROR(
2676 "Can't download with a macport enabled.\n");
2677 return -EINVAL;
2678 }
2679 }
2680
2681 /* Check that we're not already in a download state */
2682 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2683 WLAN_LOG_ERROR(
2684 "Download state not disabled.\n");
2685 return -EINVAL;
2686 }
2687
2688 WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2689
2690 /* Call the download(1,addr) function */
2691 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2692 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2693
2694 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2695 lowaddr, hiaddr, 0);
2696
2697 if ( result == 0) {
2698 /* Set the download state */
2699 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2700 } else {
2701 WLAN_LOG_DEBUG(1,
2702 "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2703 lowaddr,
2704 hiaddr,
2705 result);
2706 }
2707
2708 DBFEXIT;
2709 return result;
2710 }
2711
2712
2713 /*----------------------------------------------------------------
2714 * hfa384x_drvr_ramdl_write
2715 *
2716 * Performs a RAM download of a chunk of data. First checks to see
2717 * that we're in the RAM download state, then uses the [read|write]mem USB
2718 * commands to 1) copy the data, 2) readback and compare. The download
2719 * state is unaffected. When all data has been written using
2720 * this function, call drvr_ramdl_disable() to end the download state
2721 * and restart the MAC.
2722 *
2723 * Arguments:
2724 * hw device structure
2725 * daddr Card address to write to. (host order)
2726 * buf Ptr to data to write.
2727 * len Length of data (host order).
2728 *
2729 * Returns:
2730 * 0 success
2731 * >0 f/w reported error - f/w status code
2732 * <0 driver reported error
2733 *
2734 * Side effects:
2735 *
2736 * Call context:
2737 * process
2738 ----------------------------------------------------------------*/
2739 int
hfa384x_drvr_ramdl_write(hfa384x_t * hw,u32 daddr,void * buf,u32 len)2740 hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void* buf, u32 len)
2741 {
2742 int result = 0;
2743 int nwrites;
2744 u8 *data = buf;
2745 int i;
2746 u32 curraddr;
2747 u16 currpage;
2748 u16 curroffset;
2749 u16 currlen;
2750 DBFENTER;
2751 /* Check that we're in the ram download state */
2752 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2753 return -EINVAL;
2754 }
2755
2756 WLAN_LOG_INFO("Writing %d bytes to ram @0x%06x\n", len, daddr);
2757
2758 /* How many dowmem calls? */
2759 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2760 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2761
2762 /* Do blocking wmem's */
2763 for(i=0; i < nwrites; i++) {
2764 /* make address args */
2765 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2766 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2767 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2768 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2769 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
2770 currlen = HFA384x_USB_RWMEM_MAXLEN;
2771 }
2772
2773 /* Do blocking ctlx */
2774 result = hfa384x_dowmem_wait( hw,
2775 currpage,
2776 curroffset,
2777 data + (i*HFA384x_USB_RWMEM_MAXLEN),
2778 currlen );
2779
2780 if (result) break;
2781
2782 /* TODO: We really should have a readback. */
2783 }
2784
2785 DBFEXIT;
2786 return result;
2787 }
2788
2789
2790 /*----------------------------------------------------------------
2791 * hfa384x_drvr_readpda
2792 *
2793 * Performs the sequence to read the PDA space. Note there is no
2794 * drvr_writepda() function. Writing a PDA is
2795 * generally implemented by a calling component via calls to
2796 * cmd_download and writing to the flash download buffer via the
2797 * aux regs.
2798 *
2799 * Arguments:
2800 * hw device structure
2801 * buf buffer to store PDA in
2802 * len buffer length
2803 *
2804 * Returns:
2805 * 0 success
2806 * >0 f/w reported error - f/w status code
2807 * <0 driver reported error
2808 * -ETIMEOUT timout waiting for the cmd regs to become
2809 * available, or waiting for the control reg
2810 * to indicate the Aux port is enabled.
2811 * -ENODATA the buffer does NOT contain a valid PDA.
2812 * Either the card PDA is bad, or the auxdata
2813 * reads are giving us garbage.
2814
2815 *
2816 * Side effects:
2817 *
2818 * Call context:
2819 * process or non-card interrupt.
2820 ----------------------------------------------------------------*/
hfa384x_drvr_readpda(hfa384x_t * hw,void * buf,unsigned int len)2821 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
2822 {
2823 int result = 0;
2824 u16 *pda = buf;
2825 int pdaok = 0;
2826 int morepdrs = 1;
2827 int currpdr = 0; /* word offset of the current pdr */
2828 size_t i;
2829 u16 pdrlen; /* pdr length in bytes, host order */
2830 u16 pdrcode; /* pdr code, host order */
2831 u16 currpage;
2832 u16 curroffset;
2833 struct pdaloc {
2834 u32 cardaddr;
2835 u16 auxctl;
2836 } pdaloc[] =
2837 {
2838 { HFA3842_PDA_BASE, 0},
2839 { HFA3841_PDA_BASE, 0},
2840 { HFA3841_PDA_BOGUS_BASE, 0}
2841 };
2842
2843 DBFENTER;
2844
2845 /* Read the pda from each known address. */
2846 for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2847 /* Make address */
2848 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2849 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2850
2851 result = hfa384x_dormem_wait(hw,
2852 currpage,
2853 curroffset,
2854 buf,
2855 len); /* units of bytes */
2856
2857 if (result) {
2858 WLAN_LOG_WARNING(
2859 "Read from index %zd failed, continuing\n",
2860 i );
2861 continue;
2862 }
2863
2864 /* Test for garbage */
2865 pdaok = 1; /* initially assume good */
2866 morepdrs = 1;
2867 while ( pdaok && morepdrs ) {
2868 pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
2869 pdrcode = hfa384x2host_16(pda[currpdr+1]);
2870 /* Test the record length */
2871 if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2872 WLAN_LOG_ERROR("pdrlen invalid=%d\n",
2873 pdrlen);
2874 pdaok = 0;
2875 break;
2876 }
2877 /* Test the code */
2878 if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
2879 WLAN_LOG_ERROR("pdrcode invalid=%d\n",
2880 pdrcode);
2881 pdaok = 0;
2882 break;
2883 }
2884 /* Test for completion */
2885 if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
2886 morepdrs = 0;
2887 }
2888
2889 /* Move to the next pdr (if necessary) */
2890 if ( morepdrs ) {
2891 /* note the access to pda[], need words here */
2892 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
2893 }
2894 }
2895 if ( pdaok ) {
2896 WLAN_LOG_INFO(
2897 "PDA Read from 0x%08x in %s space.\n",
2898 pdaloc[i].cardaddr,
2899 pdaloc[i].auxctl == 0 ? "EXTDS" :
2900 pdaloc[i].auxctl == 1 ? "NV" :
2901 pdaloc[i].auxctl == 2 ? "PHY" :
2902 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2903 "<bogus auxctl>");
2904 break;
2905 }
2906 }
2907 result = pdaok ? 0 : -ENODATA;
2908
2909 if ( result ) {
2910 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
2911 }
2912
2913 DBFEXIT;
2914 return result;
2915 }
2916
2917
2918 /*----------------------------------------------------------------
2919 * hfa384x_drvr_setconfig
2920 *
2921 * Performs the sequence necessary to write a config/info item.
2922 *
2923 * Arguments:
2924 * hw device structure
2925 * rid config/info record id (in host order)
2926 * buf host side record buffer
2927 * len buffer length (in bytes)
2928 *
2929 * Returns:
2930 * 0 success
2931 * >0 f/w reported error - f/w status code
2932 * <0 driver reported error
2933 *
2934 * Side effects:
2935 *
2936 * Call context:
2937 * process
2938 ----------------------------------------------------------------*/
hfa384x_drvr_setconfig(hfa384x_t * hw,u16 rid,void * buf,u16 len)2939 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2940 {
2941 return hfa384x_dowrid_wait(hw, rid, buf, len);
2942 }
2943
2944 /*----------------------------------------------------------------
2945 * hfa384x_drvr_start
2946 *
2947 * Issues the MAC initialize command, sets up some data structures,
2948 * and enables the interrupts. After this function completes, the
2949 * low-level stuff should be ready for any/all commands.
2950 *
2951 * Arguments:
2952 * hw device structure
2953 * Returns:
2954 * 0 success
2955 * >0 f/w reported error - f/w status code
2956 * <0 driver reported error
2957 *
2958 * Side effects:
2959 *
2960 * Call context:
2961 * process
2962 ----------------------------------------------------------------*/
2963
hfa384x_drvr_start(hfa384x_t * hw)2964 int hfa384x_drvr_start(hfa384x_t *hw)
2965 {
2966 int result, result1, result2;
2967 u16 status;
2968 DBFENTER;
2969
2970 might_sleep();
2971
2972 /* Clear endpoint stalls - but only do this if the endpoint
2973 * is showing a stall status. Some prism2 cards seem to behave
2974 * badly if a clear_halt is called when the endpoint is already
2975 * ok
2976 */
2977 result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2978 if (result < 0) {
2979 WLAN_LOG_ERROR(
2980 "Cannot get bulk in endpoint status.\n");
2981 goto done;
2982 }
2983 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) {
2984 WLAN_LOG_ERROR(
2985 "Failed to reset bulk in endpoint.\n");
2986 }
2987
2988 result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2989 if (result < 0) {
2990 WLAN_LOG_ERROR(
2991 "Cannot get bulk out endpoint status.\n");
2992 goto done;
2993 }
2994 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) {
2995 WLAN_LOG_ERROR(
2996 "Failed to reset bulk out endpoint.\n");
2997 }
2998
2999 /* Synchronous unlink, in case we're trying to restart the driver */
3000 usb_kill_urb(&hw->rx_urb);
3001
3002 /* Post the IN urb */
3003 result = submit_rx_urb(hw, GFP_KERNEL);
3004 if (result != 0) {
3005 WLAN_LOG_ERROR(
3006 "Fatal, failed to submit RX URB, result=%d\n",
3007 result);
3008 goto done;
3009 }
3010
3011 /* Call initialize twice, with a 1 second sleep in between.
3012 * This is a nasty work-around since many prism2 cards seem to
3013 * need time to settle after an init from cold. The second
3014 * call to initialize in theory is not necessary - but we call
3015 * it anyway as a double insurance policy:
3016 * 1) If the first init should fail, the second may well succeed
3017 * and the card can still be used
3018 * 2) It helps ensures all is well with the card after the first
3019 * init and settle time.
3020 */
3021 result1 = hfa384x_cmd_initialize(hw);
3022 msleep(1000);
3023 result = result2 = hfa384x_cmd_initialize(hw);
3024 if (result1 != 0) {
3025 if (result2 != 0) {
3026 WLAN_LOG_ERROR(
3027 "cmd_initialize() failed on two attempts, results %d and %d\n",
3028 result1, result2);
3029 usb_kill_urb(&hw->rx_urb);
3030 goto done;
3031 } else {
3032 WLAN_LOG_DEBUG(0, "First cmd_initialize() failed (result %d),\n",
3033 result1);
3034 WLAN_LOG_DEBUG(0, "but second attempt succeeded. All should be ok\n");
3035 }
3036 } else if (result2 != 0) {
3037 WLAN_LOG_WARNING(
3038 "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
3039 result2);
3040 WLAN_LOG_WARNING("Most likely the card will be functional\n");
3041 goto done;
3042 }
3043
3044 hw->state = HFA384x_STATE_RUNNING;
3045
3046 done:
3047 DBFEXIT;
3048 return result;
3049 }
3050
3051
3052 /*----------------------------------------------------------------
3053 * hfa384x_drvr_stop
3054 *
3055 * Shuts down the MAC to the point where it is safe to unload the
3056 * driver. Any subsystem that may be holding a data or function
3057 * ptr into the driver must be cleared/deinitialized.
3058 *
3059 * Arguments:
3060 * hw device structure
3061 * Returns:
3062 * 0 success
3063 * >0 f/w reported error - f/w status code
3064 * <0 driver reported error
3065 *
3066 * Side effects:
3067 *
3068 * Call context:
3069 * process
3070 ----------------------------------------------------------------*/
3071 int
hfa384x_drvr_stop(hfa384x_t * hw)3072 hfa384x_drvr_stop(hfa384x_t *hw)
3073 {
3074 int result = 0;
3075 int i;
3076 DBFENTER;
3077
3078 might_sleep();
3079
3080 /* There's no need for spinlocks here. The USB "disconnect"
3081 * function sets this "removed" flag and then calls us.
3082 */
3083 if ( !hw->wlandev->hwremoved ) {
3084 /* Call initialize to leave the MAC in its 'reset' state */
3085 hfa384x_cmd_initialize(hw);
3086
3087 /* Cancel the rxurb */
3088 usb_kill_urb(&hw->rx_urb);
3089 }
3090
3091 hw->link_status = HFA384x_LINK_NOTCONNECTED;
3092 hw->state = HFA384x_STATE_INIT;
3093
3094 del_timer_sync(&hw->commsqual_timer);
3095
3096 /* Clear all the port status */
3097 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
3098 hw->port_enabled[i] = 0;
3099 }
3100
3101 DBFEXIT;
3102 return result;
3103 }
3104
3105 /*----------------------------------------------------------------
3106 * hfa384x_drvr_txframe
3107 *
3108 * Takes a frame from prism2sta and queues it for transmission.
3109 *
3110 * Arguments:
3111 * hw device structure
3112 * skb packet buffer struct. Contains an 802.11
3113 * data frame.
3114 * p80211_hdr points to the 802.11 header for the packet.
3115 * Returns:
3116 * 0 Success and more buffs available
3117 * 1 Success but no more buffs
3118 * 2 Allocation failure
3119 * 4 Buffer full or queue busy
3120 *
3121 * Side effects:
3122 *
3123 * Call context:
3124 * interrupt
3125 ----------------------------------------------------------------*/
hfa384x_drvr_txframe(hfa384x_t * hw,struct sk_buff * skb,p80211_hdr_t * p80211_hdr,p80211_metawep_t * p80211_wep)3126 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
3127
3128 {
3129 int usbpktlen = sizeof(hfa384x_tx_frame_t);
3130 int result;
3131 int ret;
3132 char *ptr;
3133
3134 DBFENTER;
3135
3136 if (hw->tx_urb.status == -EINPROGRESS) {
3137 WLAN_LOG_WARNING("TX URB already in use\n");
3138 result = 3;
3139 goto exit;
3140 }
3141
3142 /* Build Tx frame structure */
3143 /* Set up the control field */
3144 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
3145
3146 /* Setup the usb type field */
3147 hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
3148
3149 /* Set up the sw_support field to identify this frame */
3150 hw->txbuff.txfrm.desc.sw_support = 0x0123;
3151
3152 /* Tx complete and Tx exception disable per dleach. Might be causing
3153 * buf depletion
3154 */
3155 //#define DOEXC SLP -- doboth breaks horribly under load, doexc less so.
3156 #if defined(DOBOTH)
3157 hw->txbuff.txfrm.desc.tx_control =
3158 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3159 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
3160 #elif defined(DOEXC)
3161 hw->txbuff.txfrm.desc.tx_control =
3162 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3163 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
3164 #else
3165 hw->txbuff.txfrm.desc.tx_control =
3166 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3167 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
3168 #endif
3169 hw->txbuff.txfrm.desc.tx_control =
3170 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
3171
3172 /* copy the header over to the txdesc */
3173 memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
3174
3175 /* if we're using host WEP, increase size by IV+ICV */
3176 if (p80211_wep->data) {
3177 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
3178 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
3179 usbpktlen+=8;
3180 } else {
3181 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
3182 }
3183
3184 usbpktlen += skb->len;
3185
3186 /* copy over the WEP IV if we are using host WEP */
3187 ptr = hw->txbuff.txfrm.data;
3188 if (p80211_wep->data) {
3189 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
3190 ptr+= sizeof(p80211_wep->iv);
3191 memcpy(ptr, p80211_wep->data, skb->len);
3192 } else {
3193 memcpy(ptr, skb->data, skb->len);
3194 }
3195 /* copy over the packet data */
3196 ptr+= skb->len;
3197
3198 /* copy over the WEP ICV if we are using host WEP */
3199 if (p80211_wep->data) {
3200 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
3201 }
3202
3203 /* Send the USB packet */
3204 usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
3205 hw->endp_out,
3206 &(hw->txbuff), ROUNDUP64(usbpktlen),
3207 hfa384x_usbout_callback, hw->wlandev );
3208 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
3209
3210 result = 1;
3211 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
3212 if ( ret != 0 ) {
3213 WLAN_LOG_ERROR(
3214 "submit_tx_urb() failed, error=%d\n", ret);
3215 result = 3;
3216 }
3217
3218 exit:
3219 DBFEXIT;
3220 return result;
3221 }
3222
hfa384x_tx_timeout(wlandevice_t * wlandev)3223 void hfa384x_tx_timeout(wlandevice_t *wlandev)
3224 {
3225 hfa384x_t *hw = wlandev->priv;
3226 unsigned long flags;
3227
3228 DBFENTER;
3229
3230 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3231
3232 if ( !hw->wlandev->hwremoved &&
3233 /* Note the bitwise OR, not the logical OR. */
3234 ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
3235 !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
3236 {
3237 schedule_work(&hw->usb_work);
3238 }
3239
3240 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3241
3242 DBFEXIT;
3243 }
3244
3245 /*----------------------------------------------------------------
3246 * hfa384x_usbctlx_reaper_task
3247 *
3248 * Tasklet to delete dead CTLX objects
3249 *
3250 * Arguments:
3251 * data ptr to a hfa384x_t
3252 *
3253 * Returns:
3254 *
3255 * Call context:
3256 * Interrupt
3257 ----------------------------------------------------------------*/
hfa384x_usbctlx_reaper_task(unsigned long data)3258 static void hfa384x_usbctlx_reaper_task(unsigned long data)
3259 {
3260 hfa384x_t *hw = (hfa384x_t*)data;
3261 struct list_head *entry;
3262 struct list_head *temp;
3263 unsigned long flags;
3264
3265 DBFENTER;
3266
3267 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3268
3269 /* This list is guaranteed to be empty if someone
3270 * has unplugged the adapter.
3271 */
3272 list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
3273 hfa384x_usbctlx_t *ctlx;
3274
3275 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3276 list_del(&ctlx->list);
3277 kfree(ctlx);
3278 }
3279
3280 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3281
3282 DBFEXIT;
3283 }
3284
3285 /*----------------------------------------------------------------
3286 * hfa384x_usbctlx_completion_task
3287 *
3288 * Tasklet to call completion handlers for returned CTLXs
3289 *
3290 * Arguments:
3291 * data ptr to hfa384x_t
3292 *
3293 * Returns:
3294 * Nothing
3295 *
3296 * Call context:
3297 * Interrupt
3298 ----------------------------------------------------------------*/
hfa384x_usbctlx_completion_task(unsigned long data)3299 static void hfa384x_usbctlx_completion_task(unsigned long data)
3300 {
3301 hfa384x_t *hw = (hfa384x_t*)data;
3302 struct list_head *entry;
3303 struct list_head *temp;
3304 unsigned long flags;
3305
3306 int reap = 0;
3307
3308 DBFENTER;
3309
3310 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3311
3312 /* This list is guaranteed to be empty if someone
3313 * has unplugged the adapter ...
3314 */
3315 list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
3316 hfa384x_usbctlx_t *ctlx;
3317
3318 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3319
3320 /* Call the completion function that this
3321 * command was assigned, assuming it has one.
3322 */
3323 if ( ctlx->cmdcb != NULL ) {
3324 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3325 ctlx->cmdcb(hw, ctlx);
3326 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3327
3328 /* Make sure we don't try and complete
3329 * this CTLX more than once!
3330 */
3331 ctlx->cmdcb = NULL;
3332
3333 /* Did someone yank the adapter out
3334 * while our list was (briefly) unlocked?
3335 */
3336 if ( hw->wlandev->hwremoved )
3337 {
3338 reap = 0;
3339 break;
3340 }
3341 }
3342
3343 /*
3344 * "Reapable" CTLXs are ones which don't have any
3345 * threads waiting for them to die. Hence they must
3346 * be delivered to The Reaper!
3347 */
3348 if ( ctlx->reapable ) {
3349 /* Move the CTLX off the "completing" list (hopefully)
3350 * on to the "reapable" list where the reaper task
3351 * can find it. And "reapable" means that this CTLX
3352 * isn't sitting on a wait-queue somewhere.
3353 */
3354 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
3355 reap = 1;
3356 }
3357
3358 complete(&ctlx->done);
3359 }
3360 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3361
3362 if (reap)
3363 tasklet_schedule(&hw->reaper_bh);
3364
3365 DBFEXIT;
3366 }
3367
3368 /*----------------------------------------------------------------
3369 * unlocked_usbctlx_cancel_async
3370 *
3371 * Mark the CTLX dead asynchronously, and ensure that the
3372 * next command on the queue is run afterwards.
3373 *
3374 * Arguments:
3375 * hw ptr to the hfa384x_t structure
3376 * ctlx ptr to a CTLX structure
3377 *
3378 * Returns:
3379 * 0 the CTLX's URB is inactive
3380 * -EINPROGRESS the URB is currently being unlinked
3381 *
3382 * Call context:
3383 * Either process or interrupt, but presumably interrupt
3384 ----------------------------------------------------------------*/
unlocked_usbctlx_cancel_async(hfa384x_t * hw,hfa384x_usbctlx_t * ctlx)3385 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3386 {
3387 int ret;
3388
3389 DBFENTER;
3390
3391 /*
3392 * Try to delete the URB containing our request packet.
3393 * If we succeed, then its completion handler will be
3394 * called with a status of -ECONNRESET.
3395 */
3396 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3397 ret = usb_unlink_urb(&hw->ctlx_urb);
3398
3399 if (ret != -EINPROGRESS) {
3400 /*
3401 * The OUT URB had either already completed
3402 * or was still in the pending queue, so the
3403 * URB's completion function will not be called.
3404 * We will have to complete the CTLX ourselves.
3405 */
3406 ctlx->state = CTLX_REQ_FAILED;
3407 unlocked_usbctlx_complete(hw, ctlx);
3408 ret = 0;
3409 }
3410
3411 DBFEXIT;
3412
3413 return ret;
3414 }
3415
3416 /*----------------------------------------------------------------
3417 * unlocked_usbctlx_complete
3418 *
3419 * A CTLX has completed. It may have been successful, it may not
3420 * have been. At this point, the CTLX should be quiescent. The URBs
3421 * aren't active and the timers should have been stopped.
3422 *
3423 * The CTLX is migrated to the "completing" queue, and the completing
3424 * tasklet is scheduled.
3425 *
3426 * Arguments:
3427 * hw ptr to a hfa384x_t structure
3428 * ctlx ptr to a ctlx structure
3429 *
3430 * Returns:
3431 * nothing
3432 *
3433 * Side effects:
3434 *
3435 * Call context:
3436 * Either, assume interrupt
3437 ----------------------------------------------------------------*/
unlocked_usbctlx_complete(hfa384x_t * hw,hfa384x_usbctlx_t * ctlx)3438 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3439 {
3440 DBFENTER;
3441
3442 /* Timers have been stopped, and ctlx should be in
3443 * a terminal state. Retire it from the "active"
3444 * queue.
3445 */
3446 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3447 tasklet_schedule(&hw->completion_bh);
3448
3449 switch (ctlx->state) {
3450 case CTLX_COMPLETE:
3451 case CTLX_REQ_FAILED:
3452 /* This are the correct terminating states. */
3453 break;
3454
3455 default:
3456 WLAN_LOG_ERROR("CTLX[%d] not in a terminating state(%s)\n",
3457 hfa384x2host_16(ctlx->outbuf.type),
3458 ctlxstr(ctlx->state));
3459 break;
3460 } /* switch */
3461
3462 DBFEXIT;
3463 }
3464
3465 /*----------------------------------------------------------------
3466 * hfa384x_usbctlxq_run
3467 *
3468 * Checks to see if the head item is running. If not, starts it.
3469 *
3470 * Arguments:
3471 * hw ptr to hfa384x_t
3472 *
3473 * Returns:
3474 * nothing
3475 *
3476 * Side effects:
3477 *
3478 * Call context:
3479 * any
3480 ----------------------------------------------------------------*/
3481 static void
hfa384x_usbctlxq_run(hfa384x_t * hw)3482 hfa384x_usbctlxq_run(hfa384x_t *hw)
3483 {
3484 unsigned long flags;
3485 DBFENTER;
3486
3487 /* acquire lock */
3488 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3489
3490 /* Only one active CTLX at any one time, because there's no
3491 * other (reliable) way to match the response URB to the
3492 * correct CTLX.
3493 *
3494 * Don't touch any of these CTLXs if the hardware
3495 * has been removed or the USB subsystem is stalled.
3496 */
3497 if ( !list_empty(&hw->ctlxq.active) ||
3498 test_bit(WORK_TX_HALT, &hw->usb_flags) ||
3499 hw->wlandev->hwremoved )
3500 goto unlock;
3501
3502 while ( !list_empty(&hw->ctlxq.pending) ) {
3503 hfa384x_usbctlx_t *head;
3504 int result;
3505
3506 /* This is the first pending command */
3507 head = list_entry(hw->ctlxq.pending.next,
3508 hfa384x_usbctlx_t,
3509 list);
3510
3511 /* We need to split this off to avoid a race condition */
3512 list_move_tail(&head->list, &hw->ctlxq.active);
3513
3514 /* Fill the out packet */
3515 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
3516 hw->endp_out,
3517 &(head->outbuf), ROUNDUP64(head->outbufsize),
3518 hfa384x_ctlxout_callback, hw);
3519 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3520
3521 /* Now submit the URB and update the CTLX's state
3522 */
3523 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3524 /* This CTLX is now running on the active queue */
3525 head->state = CTLX_REQ_SUBMITTED;
3526
3527 /* Start the OUT wait timer */
3528 hw->req_timer_done = 0;
3529 hw->reqtimer.expires = jiffies + HZ;
3530 add_timer(&hw->reqtimer);
3531
3532 /* Start the IN wait timer */
3533 hw->resp_timer_done = 0;
3534 hw->resptimer.expires = jiffies + 2*HZ;
3535 add_timer(&hw->resptimer);
3536
3537 break;
3538 }
3539
3540 if (result == -EPIPE) {
3541 /* The OUT pipe needs resetting, so put
3542 * this CTLX back in the "pending" queue
3543 * and schedule a reset ...
3544 */
3545 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
3546 hw->wlandev->netdev->name);
3547 list_move(&head->list, &hw->ctlxq.pending);
3548 set_bit(WORK_TX_HALT, &hw->usb_flags);
3549 schedule_work(&hw->usb_work);
3550 break;
3551 }
3552
3553 if (result == -ESHUTDOWN) {
3554 WLAN_LOG_WARNING("%s urb shutdown!\n",
3555 hw->wlandev->netdev->name);
3556 break;
3557 }
3558
3559 WLAN_LOG_ERROR("Failed to submit CTLX[%d]: error=%d\n",
3560 hfa384x2host_16(head->outbuf.type), result);
3561 unlocked_usbctlx_complete(hw, head);
3562 } /* while */
3563
3564 unlock:
3565 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3566
3567 DBFEXIT;
3568 }
3569
3570
3571 /*----------------------------------------------------------------
3572 * hfa384x_usbin_callback
3573 *
3574 * Callback for URBs on the BULKIN endpoint.
3575 *
3576 * Arguments:
3577 * urb ptr to the completed urb
3578 *
3579 * Returns:
3580 * nothing
3581 *
3582 * Side effects:
3583 *
3584 * Call context:
3585 * interrupt
3586 ----------------------------------------------------------------*/
hfa384x_usbin_callback(struct urb * urb)3587 static void hfa384x_usbin_callback(struct urb *urb)
3588 {
3589 wlandevice_t *wlandev = urb->context;
3590 hfa384x_t *hw;
3591 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3592 struct sk_buff *skb = NULL;
3593 int result;
3594 int urb_status;
3595 u16 type;
3596
3597 enum USBIN_ACTION {
3598 HANDLE,
3599 RESUBMIT,
3600 ABORT
3601 } action;
3602
3603 DBFENTER;
3604
3605 if ( !wlandev ||
3606 !wlandev->netdev ||
3607 wlandev->hwremoved )
3608 goto exit;
3609
3610 hw = wlandev->priv;
3611 if (!hw)
3612 goto exit;
3613
3614 skb = hw->rx_urb_skb;
3615 if (!skb || (skb->data != urb->transfer_buffer)) {
3616 BUG();
3617 }
3618 hw->rx_urb_skb = NULL;
3619
3620 /* Check for error conditions within the URB */
3621 switch (urb->status) {
3622 case 0:
3623 action = HANDLE;
3624
3625 /* Check for short packet */
3626 if ( urb->actual_length == 0 ) {
3627 ++(wlandev->linux_stats.rx_errors);
3628 ++(wlandev->linux_stats.rx_length_errors);
3629 action = RESUBMIT;
3630 }
3631 break;
3632
3633 case -EPIPE:
3634 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
3635 wlandev->netdev->name);
3636 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
3637 schedule_work(&hw->usb_work);
3638 ++(wlandev->linux_stats.rx_errors);
3639 action = ABORT;
3640 break;
3641
3642 case -EILSEQ:
3643 case -ETIMEDOUT:
3644 case -EPROTO:
3645 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3646 !timer_pending(&hw->throttle) ) {
3647 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3648 }
3649 ++(wlandev->linux_stats.rx_errors);
3650 action = ABORT;
3651 break;
3652
3653 case -EOVERFLOW:
3654 ++(wlandev->linux_stats.rx_over_errors);
3655 action = RESUBMIT;
3656 break;
3657
3658 case -ENODEV:
3659 case -ESHUTDOWN:
3660 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
3661 action = ABORT;
3662 break;
3663
3664 case -ENOENT:
3665 case -ECONNRESET:
3666 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
3667 action = ABORT;
3668 break;
3669
3670 default:
3671 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
3672 urb->status, urb->transfer_flags);
3673 ++(wlandev->linux_stats.rx_errors);
3674 action = RESUBMIT;
3675 break;
3676 }
3677
3678 urb_status = urb->status;
3679
3680 if (action != ABORT) {
3681 /* Repost the RX URB */
3682 result = submit_rx_urb(hw, GFP_ATOMIC);
3683
3684 if (result != 0) {
3685 WLAN_LOG_ERROR(
3686 "Fatal, failed to resubmit rx_urb. error=%d\n",
3687 result);
3688 }
3689 }
3690
3691 /* Handle any USB-IN packet */
3692 /* Note: the check of the sw_support field, the type field doesn't
3693 * have bit 12 set like the docs suggest.
3694 */
3695 type = hfa384x2host_16(usbin->type);
3696 if (HFA384x_USB_ISRXFRM(type)) {
3697 if (action == HANDLE) {
3698 if (usbin->txfrm.desc.sw_support == 0x0123) {
3699 hfa384x_usbin_txcompl(wlandev, usbin);
3700 } else {
3701 skb_put(skb, sizeof(*usbin));
3702 hfa384x_usbin_rx(wlandev, skb);
3703 skb = NULL;
3704 }
3705 }
3706 goto exit;
3707 }
3708 if (HFA384x_USB_ISTXFRM(type)) {
3709 if (action == HANDLE)
3710 hfa384x_usbin_txcompl(wlandev, usbin);
3711 goto exit;
3712 }
3713 switch (type) {
3714 case HFA384x_USB_INFOFRM:
3715 if (action == ABORT)
3716 goto exit;
3717 if (action == HANDLE)
3718 hfa384x_usbin_info(wlandev, usbin);
3719 break;
3720
3721 case HFA384x_USB_CMDRESP:
3722 case HFA384x_USB_WRIDRESP:
3723 case HFA384x_USB_RRIDRESP:
3724 case HFA384x_USB_WMEMRESP:
3725 case HFA384x_USB_RMEMRESP:
3726 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3727 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3728 break;
3729
3730 case HFA384x_USB_BUFAVAIL:
3731 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
3732 usbin->bufavail.frmlen);
3733 break;
3734
3735 case HFA384x_USB_ERROR:
3736 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
3737 usbin->usberror.errortype);
3738 break;
3739
3740 default:
3741 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
3742 usbin->type, urb_status);
3743 break;
3744 } /* switch */
3745
3746 exit:
3747
3748 if (skb)
3749 dev_kfree_skb(skb);
3750
3751 DBFEXIT;
3752 }
3753
3754
3755 /*----------------------------------------------------------------
3756 * hfa384x_usbin_ctlx
3757 *
3758 * We've received a URB containing a Prism2 "response" message.
3759 * This message needs to be matched up with a CTLX on the active
3760 * queue and our state updated accordingly.
3761 *
3762 * Arguments:
3763 * hw ptr to hfa384x_t
3764 * usbin ptr to USB IN packet
3765 * urb_status status of this Bulk-In URB
3766 *
3767 * Returns:
3768 * nothing
3769 *
3770 * Side effects:
3771 *
3772 * Call context:
3773 * interrupt
3774 ----------------------------------------------------------------*/
hfa384x_usbin_ctlx(hfa384x_t * hw,hfa384x_usbin_t * usbin,int urb_status)3775 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3776 int urb_status)
3777 {
3778 hfa384x_usbctlx_t *ctlx;
3779 int run_queue = 0;
3780 unsigned long flags;
3781
3782 DBFENTER;
3783
3784 retry:
3785 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3786
3787 /* There can be only one CTLX on the active queue
3788 * at any one time, and this is the CTLX that the
3789 * timers are waiting for.
3790 */
3791 if ( list_empty(&hw->ctlxq.active) ) {
3792 goto unlock;
3793 }
3794
3795 /* Remove the "response timeout". It's possible that
3796 * we are already too late, and that the timeout is
3797 * already running. And that's just too bad for us,
3798 * because we could lose our CTLX from the active
3799 * queue here ...
3800 */
3801 if (del_timer(&hw->resptimer) == 0) {
3802 if (hw->resp_timer_done == 0) {
3803 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3804 goto retry;
3805 }
3806 }
3807 else {
3808 hw->resp_timer_done = 1;
3809 }
3810
3811 ctlx = get_active_ctlx(hw);
3812
3813 if (urb_status != 0) {
3814 /*
3815 * Bad CTLX, so get rid of it. But we only
3816 * remove it from the active queue if we're no
3817 * longer expecting the OUT URB to complete.
3818 */
3819 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3820 run_queue = 1;
3821 } else {
3822 const u16 intype = (usbin->type&~host2hfa384x_16(0x8000));
3823
3824 /*
3825 * Check that our message is what we're expecting ...
3826 */
3827 if (ctlx->outbuf.type != intype) {
3828 WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
3829 hfa384x2host_16(ctlx->outbuf.type),
3830 hfa384x2host_16(intype));
3831 goto unlock;
3832 }
3833
3834 /* This URB has succeeded, so grab the data ... */
3835 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3836
3837 switch (ctlx->state) {
3838 case CTLX_REQ_SUBMITTED:
3839 /*
3840 * We have received our response URB before
3841 * our request has been acknowledged. Odd,
3842 * but our OUT URB is still alive...
3843 */
3844 WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
3845 ctlx->state = CTLX_RESP_COMPLETE;
3846 break;
3847
3848 case CTLX_REQ_COMPLETE:
3849 /*
3850 * This is the usual path: our request
3851 * has already been acknowledged, and
3852 * now we have received the reply too.
3853 */
3854 ctlx->state = CTLX_COMPLETE;
3855 unlocked_usbctlx_complete(hw, ctlx);
3856 run_queue = 1;
3857 break;
3858
3859 default:
3860 /*
3861 * Throw this CTLX away ...
3862 */
3863 WLAN_LOG_ERROR("Matched IN URB, CTLX[%d] in invalid state(%s)."
3864 " Discarded.\n",
3865 hfa384x2host_16(ctlx->outbuf.type),
3866 ctlxstr(ctlx->state));
3867 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3868 run_queue = 1;
3869 break;
3870 } /* switch */
3871 }
3872
3873 unlock:
3874 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3875
3876 if (run_queue)
3877 hfa384x_usbctlxq_run(hw);
3878
3879 DBFEXIT;
3880 }
3881
3882
3883 /*----------------------------------------------------------------
3884 * hfa384x_usbin_txcompl
3885 *
3886 * At this point we have the results of a previous transmit.
3887 *
3888 * Arguments:
3889 * wlandev wlan device
3890 * usbin ptr to the usb transfer buffer
3891 *
3892 * Returns:
3893 * nothing
3894 *
3895 * Side effects:
3896 *
3897 * Call context:
3898 * interrupt
3899 ----------------------------------------------------------------*/
hfa384x_usbin_txcompl(wlandevice_t * wlandev,hfa384x_usbin_t * usbin)3900 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
3901 {
3902 u16 status;
3903 DBFENTER;
3904
3905 status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
3906
3907 /* Was there an error? */
3908 if (HFA384x_TXSTATUS_ISERROR(status)) {
3909 prism2sta_ev_txexc(wlandev, status);
3910 } else {
3911 prism2sta_ev_tx(wlandev, status);
3912 }
3913 // prism2sta_ev_alloc(wlandev);
3914
3915 DBFEXIT;
3916 }
3917
3918
3919 /*----------------------------------------------------------------
3920 * hfa384x_usbin_rx
3921 *
3922 * At this point we have a successful received a rx frame packet.
3923 *
3924 * Arguments:
3925 * wlandev wlan device
3926 * usbin ptr to the usb transfer buffer
3927 *
3928 * Returns:
3929 * nothing
3930 *
3931 * Side effects:
3932 *
3933 * Call context:
3934 * interrupt
3935 ----------------------------------------------------------------*/
hfa384x_usbin_rx(wlandevice_t * wlandev,struct sk_buff * skb)3936 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
3937 {
3938 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) skb->data;
3939 hfa384x_t *hw = wlandev->priv;
3940 int hdrlen;
3941 p80211_rxmeta_t *rxmeta;
3942 u16 data_len;
3943 u16 fc;
3944
3945 DBFENTER;
3946
3947 /* Byte order convert once up front. */
3948 usbin->rxfrm.desc.status =
3949 hfa384x2host_16(usbin->rxfrm.desc.status);
3950 usbin->rxfrm.desc.time =
3951 hfa384x2host_32(usbin->rxfrm.desc.time);
3952
3953 /* Now handle frame based on port# */
3954 switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
3955 {
3956 case 0:
3957 fc = ieee2host16(usbin->rxfrm.desc.frame_control);
3958
3959 /* If exclude and we receive an unencrypted, drop it */
3960 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3961 !WLAN_GET_FC_ISWEP(fc)){
3962 goto done;
3963 }
3964
3965 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
3966
3967 /* How much header data do we have? */
3968 hdrlen = p80211_headerlen(fc);
3969
3970 /* Pull off the descriptor */
3971 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
3972
3973 /* Now shunt the header block up against the data block
3974 * with an "overlapping" copy
3975 */
3976 memmove(skb_push(skb, hdrlen),
3977 &usbin->rxfrm.desc.frame_control,
3978 hdrlen);
3979
3980 skb->dev = wlandev->netdev;
3981 skb->dev->last_rx = jiffies;
3982
3983 /* And set the frame length properly */
3984 skb_trim(skb, data_len + hdrlen);
3985
3986 /* The prism2 series does not return the CRC */
3987 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3988
3989 skb_reset_mac_header(skb);
3990
3991 /* Attach the rxmeta, set some stuff */
3992 p80211skb_rxmeta_attach(wlandev, skb);
3993 rxmeta = P80211SKB_RXMETA(skb);
3994 rxmeta->mactime = usbin->rxfrm.desc.time;
3995 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3996 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3997 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3998
3999 prism2sta_ev_rx(wlandev, skb);
4000
4001 break;
4002
4003 case 7:
4004 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
4005 /* Copy to wlansnif skb */
4006 hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
4007 dev_kfree_skb(skb);
4008 } else {
4009 WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
4010 }
4011 break;
4012
4013 default:
4014 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
4015 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
4016 goto done;
4017 break;
4018 }
4019
4020 done:
4021 DBFEXIT;
4022 return;
4023 }
4024
4025 /*----------------------------------------------------------------
4026 * hfa384x_int_rxmonitor
4027 *
4028 * Helper function for int_rx. Handles monitor frames.
4029 * Note that this function allocates space for the FCS and sets it
4030 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
4031 * higher layers expect it. 0xffffffff is used as a flag to indicate
4032 * the FCS is bogus.
4033 *
4034 * Arguments:
4035 * wlandev wlan device structure
4036 * rxfrm rx descriptor read from card in int_rx
4037 *
4038 * Returns:
4039 * nothing
4040 *
4041 * Side effects:
4042 * Allocates an skb and passes it up via the PF_PACKET interface.
4043 * Call context:
4044 * interrupt
4045 ----------------------------------------------------------------*/
hfa384x_int_rxmonitor(wlandevice_t * wlandev,hfa384x_usb_rxfrm_t * rxfrm)4046 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
4047 {
4048 hfa384x_rx_frame_t *rxdesc = &(rxfrm->desc);
4049 unsigned int hdrlen = 0;
4050 unsigned int datalen = 0;
4051 unsigned int skblen = 0;
4052 u8 *datap;
4053 u16 fc;
4054 struct sk_buff *skb;
4055 hfa384x_t *hw = wlandev->priv;
4056
4057
4058 DBFENTER;
4059 /* Don't forget the status, time, and data_len fields are in host order */
4060 /* Figure out how big the frame is */
4061 fc = ieee2host16(rxdesc->frame_control);
4062 hdrlen = p80211_headerlen(fc);
4063 datalen = hfa384x2host_16(rxdesc->data_len);
4064
4065 /* Allocate an ind message+framesize skb */
4066 skblen = sizeof(p80211_caphdr_t) +
4067 hdrlen + datalen + WLAN_CRC_LEN;
4068
4069 /* sanity check the length */
4070 if ( skblen >
4071 (sizeof(p80211_caphdr_t) +
4072 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
4073 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
4074 skblen - sizeof(p80211_caphdr_t));
4075 }
4076
4077 if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
4078 WLAN_LOG_ERROR("alloc_skb failed trying to allocate %d bytes\n", skblen);
4079 return;
4080 }
4081
4082 /* only prepend the prism header if in the right mode */
4083 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4084 (hw->sniffhdr != 0)) {
4085 p80211_caphdr_t *caphdr;
4086 /* The NEW header format! */
4087 datap = skb_put(skb, sizeof(p80211_caphdr_t));
4088 caphdr = (p80211_caphdr_t*) datap;
4089
4090 caphdr->version = htonl(P80211CAPTURE_VERSION);
4091 caphdr->length = htonl(sizeof(p80211_caphdr_t));
4092 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
4093 caphdr->hosttime = __cpu_to_be64(jiffies);
4094 caphdr->phytype = htonl(4); /* dss_dot11_b */
4095 caphdr->channel = htonl(hw->sniff_channel);
4096 caphdr->datarate = htonl(rxdesc->rate);
4097 caphdr->antenna = htonl(0); /* unknown */
4098 caphdr->priority = htonl(0); /* unknown */
4099 caphdr->ssi_type = htonl(3); /* rssi_raw */
4100 caphdr->ssi_signal = htonl(rxdesc->signal);
4101 caphdr->ssi_noise = htonl(rxdesc->silence);
4102 caphdr->preamble = htonl(0); /* unknown */
4103 caphdr->encoding = htonl(1); /* cck */
4104 }
4105
4106 /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
4107 datap = skb_put(skb, hdrlen);
4108 memcpy( datap, &(rxdesc->frame_control), hdrlen);
4109
4110 /* If any, copy the data from the card to the skb */
4111 if ( datalen > 0 )
4112 {
4113 datap = skb_put(skb, datalen);
4114 memcpy(datap, rxfrm->data, datalen);
4115
4116 /* check for unencrypted stuff if WEP bit set. */
4117 if (*(datap - hdrlen + 1) & 0x40) // wep set
4118 if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
4119 *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
4120 }
4121
4122 if (hw->sniff_fcs) {
4123 /* Set the FCS */
4124 datap = skb_put(skb, WLAN_CRC_LEN);
4125 memset( datap, 0xff, WLAN_CRC_LEN);
4126 }
4127
4128 /* pass it back up */
4129 prism2sta_ev_rx(wlandev, skb);
4130
4131 DBFEXIT;
4132 return;
4133 }
4134
4135
4136
4137 /*----------------------------------------------------------------
4138 * hfa384x_usbin_info
4139 *
4140 * At this point we have a successful received a Prism2 info frame.
4141 *
4142 * Arguments:
4143 * wlandev wlan device
4144 * usbin ptr to the usb transfer buffer
4145 *
4146 * Returns:
4147 * nothing
4148 *
4149 * Side effects:
4150 *
4151 * Call context:
4152 * interrupt
4153 ----------------------------------------------------------------*/
hfa384x_usbin_info(wlandevice_t * wlandev,hfa384x_usbin_t * usbin)4154 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4155 {
4156 DBFENTER;
4157
4158 usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
4159 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
4160
4161 DBFEXIT;
4162 }
4163
4164
4165
4166 /*----------------------------------------------------------------
4167 * hfa384x_usbout_callback
4168 *
4169 * Callback for URBs on the BULKOUT endpoint.
4170 *
4171 * Arguments:
4172 * urb ptr to the completed urb
4173 *
4174 * Returns:
4175 * nothing
4176 *
4177 * Side effects:
4178 *
4179 * Call context:
4180 * interrupt
4181 ----------------------------------------------------------------*/
hfa384x_usbout_callback(struct urb * urb)4182 static void hfa384x_usbout_callback(struct urb *urb)
4183 {
4184 wlandevice_t *wlandev = urb->context;
4185 hfa384x_usbout_t *usbout = urb->transfer_buffer;
4186 DBFENTER;
4187
4188 #ifdef DEBUG_USB
4189 dbprint_urb(urb);
4190 #endif
4191
4192 if ( wlandev &&
4193 wlandev->netdev ) {
4194
4195 switch(urb->status) {
4196 case 0:
4197 hfa384x_usbout_tx(wlandev, usbout);
4198 break;
4199
4200 case -EPIPE:
4201 {
4202 hfa384x_t *hw = wlandev->priv;
4203 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4204 wlandev->netdev->name);
4205 if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
4206 schedule_work(&hw->usb_work);
4207 ++(wlandev->linux_stats.tx_errors);
4208 break;
4209 }
4210
4211 case -EPROTO:
4212 case -ETIMEDOUT:
4213 case -EILSEQ:
4214 {
4215 hfa384x_t *hw = wlandev->priv;
4216
4217 if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
4218 && !timer_pending(&hw->throttle) ) {
4219 mod_timer(&hw->throttle,
4220 jiffies + THROTTLE_JIFFIES);
4221 }
4222 ++(wlandev->linux_stats.tx_errors);
4223 netif_stop_queue(wlandev->netdev);
4224 break;
4225 }
4226
4227 case -ENOENT:
4228 case -ESHUTDOWN:
4229 /* Ignorable errors */
4230 break;
4231
4232 default:
4233 WLAN_LOG_INFO("unknown urb->status=%d\n", urb->status);
4234 ++(wlandev->linux_stats.tx_errors);
4235 break;
4236 } /* switch */
4237 }
4238
4239 DBFEXIT;
4240 }
4241
4242
4243 /*----------------------------------------------------------------
4244 * hfa384x_ctlxout_callback
4245 *
4246 * Callback for control data on the BULKOUT endpoint.
4247 *
4248 * Arguments:
4249 * urb ptr to the completed urb
4250 *
4251 * Returns:
4252 * nothing
4253 *
4254 * Side effects:
4255 *
4256 * Call context:
4257 * interrupt
4258 ----------------------------------------------------------------*/
hfa384x_ctlxout_callback(struct urb * urb)4259 static void hfa384x_ctlxout_callback(struct urb *urb)
4260 {
4261 hfa384x_t *hw = urb->context;
4262 int delete_resptimer = 0;
4263 int timer_ok = 1;
4264 int run_queue = 0;
4265 hfa384x_usbctlx_t *ctlx;
4266 unsigned long flags;
4267
4268 DBFENTER;
4269
4270 WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
4271 #ifdef DEBUG_USB
4272 dbprint_urb(urb);
4273 #endif
4274 if ( (urb->status == -ESHUTDOWN) ||
4275 (urb->status == -ENODEV) ||
4276 (hw == NULL) )
4277 goto done;
4278
4279 retry:
4280 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4281
4282 /*
4283 * Only one CTLX at a time on the "active" list, and
4284 * none at all if we are unplugged. However, we can
4285 * rely on the disconnect function to clean everything
4286 * up if someone unplugged the adapter.
4287 */
4288 if ( list_empty(&hw->ctlxq.active) ) {
4289 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4290 goto done;
4291 }
4292
4293 /*
4294 * Having something on the "active" queue means
4295 * that we have timers to worry about ...
4296 */
4297 if (del_timer(&hw->reqtimer) == 0) {
4298 if (hw->req_timer_done == 0) {
4299 /*
4300 * This timer was actually running while we
4301 * were trying to delete it. Let it terminate
4302 * gracefully instead.
4303 */
4304 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4305 goto retry;
4306 }
4307 }
4308 else {
4309 hw->req_timer_done = 1;
4310 }
4311
4312 ctlx = get_active_ctlx(hw);
4313
4314 if ( urb->status == 0 ) {
4315 /* Request portion of a CTLX is successful */
4316 switch ( ctlx->state ) {
4317 case CTLX_REQ_SUBMITTED:
4318 /* This OUT-ACK received before IN */
4319 ctlx->state = CTLX_REQ_COMPLETE;
4320 break;
4321
4322 case CTLX_RESP_COMPLETE:
4323 /* IN already received before this OUT-ACK,
4324 * so this command must now be complete.
4325 */
4326 ctlx->state = CTLX_COMPLETE;
4327 unlocked_usbctlx_complete(hw, ctlx);
4328 run_queue = 1;
4329 break;
4330
4331 default:
4332 /* This is NOT a valid CTLX "success" state! */
4333 WLAN_LOG_ERROR(
4334 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
4335 hfa384x2host_16(ctlx->outbuf.type),
4336 ctlxstr(ctlx->state), urb->status);
4337 break;
4338 } /* switch */
4339 } else {
4340 /* If the pipe has stalled then we need to reset it */
4341 if ( (urb->status == -EPIPE) &&
4342 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
4343 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4344 hw->wlandev->netdev->name);
4345 schedule_work(&hw->usb_work);
4346 }
4347
4348 /* If someone cancels the OUT URB then its status
4349 * should be either -ECONNRESET or -ENOENT.
4350 */
4351 ctlx->state = CTLX_REQ_FAILED;
4352 unlocked_usbctlx_complete(hw, ctlx);
4353 delete_resptimer = 1;
4354 run_queue = 1;
4355 }
4356
4357 delresp:
4358 if (delete_resptimer) {
4359 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
4360 hw->resp_timer_done = 1;
4361 }
4362 }
4363
4364 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4365
4366 if ( !timer_ok && (hw->resp_timer_done == 0) ) {
4367 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4368 goto delresp;
4369 }
4370
4371 if (run_queue)
4372 hfa384x_usbctlxq_run(hw);
4373
4374 done:
4375 DBFEXIT;
4376 }
4377
4378
4379 /*----------------------------------------------------------------
4380 * hfa384x_usbctlx_reqtimerfn
4381 *
4382 * Timer response function for CTLX request timeouts. If this
4383 * function is called, it means that the callback for the OUT
4384 * URB containing a Prism2.x XXX_Request was never called.
4385 *
4386 * Arguments:
4387 * data a ptr to the hfa384x_t
4388 *
4389 * Returns:
4390 * nothing
4391 *
4392 * Side effects:
4393 *
4394 * Call context:
4395 * interrupt
4396 ----------------------------------------------------------------*/
4397 static void
hfa384x_usbctlx_reqtimerfn(unsigned long data)4398 hfa384x_usbctlx_reqtimerfn(unsigned long data)
4399 {
4400 hfa384x_t *hw = (hfa384x_t*)data;
4401 unsigned long flags;
4402 DBFENTER;
4403
4404 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4405
4406 hw->req_timer_done = 1;
4407
4408 /* Removing the hardware automatically empties
4409 * the active list ...
4410 */
4411 if ( !list_empty(&hw->ctlxq.active) )
4412 {
4413 /*
4414 * We must ensure that our URB is removed from
4415 * the system, if it hasn't already expired.
4416 */
4417 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
4418 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
4419 {
4420 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4421
4422 ctlx->state = CTLX_REQ_FAILED;
4423
4424 /* This URB was active, but has now been
4425 * cancelled. It will now have a status of
4426 * -ECONNRESET in the callback function.
4427 *
4428 * We are cancelling this CTLX, so we're
4429 * not going to need to wait for a response.
4430 * The URB's callback function will check
4431 * that this timer is truly dead.
4432 */
4433 if (del_timer(&hw->resptimer) != 0)
4434 hw->resp_timer_done = 1;
4435 }
4436 }
4437
4438 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4439
4440 DBFEXIT;
4441 }
4442
4443
4444 /*----------------------------------------------------------------
4445 * hfa384x_usbctlx_resptimerfn
4446 *
4447 * Timer response function for CTLX response timeouts. If this
4448 * function is called, it means that the callback for the IN
4449 * URB containing a Prism2.x XXX_Response was never called.
4450 *
4451 * Arguments:
4452 * data a ptr to the hfa384x_t
4453 *
4454 * Returns:
4455 * nothing
4456 *
4457 * Side effects:
4458 *
4459 * Call context:
4460 * interrupt
4461 ----------------------------------------------------------------*/
4462 static void
hfa384x_usbctlx_resptimerfn(unsigned long data)4463 hfa384x_usbctlx_resptimerfn(unsigned long data)
4464 {
4465 hfa384x_t *hw = (hfa384x_t*)data;
4466 unsigned long flags;
4467
4468 DBFENTER;
4469
4470 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4471
4472 hw->resp_timer_done = 1;
4473
4474 /* The active list will be empty if the
4475 * adapter has been unplugged ...
4476 */
4477 if ( !list_empty(&hw->ctlxq.active) )
4478 {
4479 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4480
4481 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
4482 {
4483 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4484 hfa384x_usbctlxq_run(hw);
4485 goto done;
4486 }
4487 }
4488
4489 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4490
4491 done:
4492 DBFEXIT;
4493 }
4494
4495 /*----------------------------------------------------------------
4496 * hfa384x_usb_throttlefn
4497 *
4498 *
4499 * Arguments:
4500 * data ptr to hw
4501 *
4502 * Returns:
4503 * Nothing
4504 *
4505 * Side effects:
4506 *
4507 * Call context:
4508 * Interrupt
4509 ----------------------------------------------------------------*/
4510 static void
hfa384x_usb_throttlefn(unsigned long data)4511 hfa384x_usb_throttlefn(unsigned long data)
4512 {
4513 hfa384x_t *hw = (hfa384x_t*)data;
4514 unsigned long flags;
4515
4516 DBFENTER;
4517
4518 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4519
4520 /*
4521 * We need to check BOTH the RX and the TX throttle controls,
4522 * so we use the bitwise OR instead of the logical OR.
4523 */
4524 WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
4525 if ( !hw->wlandev->hwremoved &&
4526 (
4527 (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4528 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4529 |
4530 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4531 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4532 ) )
4533 {
4534 schedule_work(&hw->usb_work);
4535 }
4536
4537 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4538
4539 DBFEXIT;
4540 }
4541
4542
4543 /*----------------------------------------------------------------
4544 * hfa384x_usbctlx_submit
4545 *
4546 * Called from the doxxx functions to submit a CTLX to the queue
4547 *
4548 * Arguments:
4549 * hw ptr to the hw struct
4550 * ctlx ctlx structure to enqueue
4551 *
4552 * Returns:
4553 * -ENODEV if the adapter is unplugged
4554 * 0
4555 *
4556 * Side effects:
4557 *
4558 * Call context:
4559 * process or interrupt
4560 ----------------------------------------------------------------*/
4561 static int
hfa384x_usbctlx_submit(hfa384x_t * hw,hfa384x_usbctlx_t * ctlx)4562 hfa384x_usbctlx_submit(
4563 hfa384x_t *hw,
4564 hfa384x_usbctlx_t *ctlx)
4565 {
4566 unsigned long flags;
4567 int ret;
4568
4569 DBFENTER;
4570
4571 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4572
4573 if (hw->wlandev->hwremoved) {
4574 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4575 ret = -ENODEV;
4576 } else {
4577 ctlx->state = CTLX_PENDING;
4578 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4579
4580 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4581 hfa384x_usbctlxq_run(hw);
4582 ret = 0;
4583 }
4584
4585 DBFEXIT;
4586 return ret;
4587 }
4588
4589
4590 /*----------------------------------------------------------------
4591 * hfa384x_usbout_tx
4592 *
4593 * At this point we have finished a send of a frame. Mark the URB
4594 * as available and call ev_alloc to notify higher layers we're
4595 * ready for more.
4596 *
4597 * Arguments:
4598 * wlandev wlan device
4599 * usbout ptr to the usb transfer buffer
4600 *
4601 * Returns:
4602 * nothing
4603 *
4604 * Side effects:
4605 *
4606 * Call context:
4607 * interrupt
4608 ----------------------------------------------------------------*/
hfa384x_usbout_tx(wlandevice_t * wlandev,hfa384x_usbout_t * usbout)4609 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4610 {
4611 DBFENTER;
4612
4613 prism2sta_ev_alloc(wlandev);
4614
4615 DBFEXIT;
4616 }
4617
4618 /*----------------------------------------------------------------
4619 * hfa384x_isgood_pdrcore
4620 *
4621 * Quick check of PDR codes.
4622 *
4623 * Arguments:
4624 * pdrcode PDR code number (host order)
4625 *
4626 * Returns:
4627 * zero not good.
4628 * one is good.
4629 *
4630 * Side effects:
4631 *
4632 * Call context:
4633 ----------------------------------------------------------------*/
4634 static int
hfa384x_isgood_pdrcode(u16 pdrcode)4635 hfa384x_isgood_pdrcode(u16 pdrcode)
4636 {
4637 switch(pdrcode) {
4638 case HFA384x_PDR_END_OF_PDA:
4639 case HFA384x_PDR_PCB_PARTNUM:
4640 case HFA384x_PDR_PDAVER:
4641 case HFA384x_PDR_NIC_SERIAL:
4642 case HFA384x_PDR_MKK_MEASUREMENTS:
4643 case HFA384x_PDR_NIC_RAMSIZE:
4644 case HFA384x_PDR_MFISUPRANGE:
4645 case HFA384x_PDR_CFISUPRANGE:
4646 case HFA384x_PDR_NICID:
4647 case HFA384x_PDR_MAC_ADDRESS:
4648 case HFA384x_PDR_REGDOMAIN:
4649 case HFA384x_PDR_ALLOWED_CHANNEL:
4650 case HFA384x_PDR_DEFAULT_CHANNEL:
4651 case HFA384x_PDR_TEMPTYPE:
4652 case HFA384x_PDR_IFR_SETTING:
4653 case HFA384x_PDR_RFR_SETTING:
4654 case HFA384x_PDR_HFA3861_BASELINE:
4655 case HFA384x_PDR_HFA3861_SHADOW:
4656 case HFA384x_PDR_HFA3861_IFRF:
4657 case HFA384x_PDR_HFA3861_CHCALSP:
4658 case HFA384x_PDR_HFA3861_CHCALI:
4659 case HFA384x_PDR_3842_NIC_CONFIG:
4660 case HFA384x_PDR_USB_ID:
4661 case HFA384x_PDR_PCI_ID:
4662 case HFA384x_PDR_PCI_IFCONF:
4663 case HFA384x_PDR_PCI_PMCONF:
4664 case HFA384x_PDR_RFENRGY:
4665 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4666 case HFA384x_PDR_HFA3861_MANF_TESTI:
4667 /* code is OK */
4668 return 1;
4669 break;
4670 default:
4671 if ( pdrcode < 0x1000 ) {
4672 /* code is OK, but we don't know exactly what it is */
4673 WLAN_LOG_DEBUG(3,
4674 "Encountered unknown PDR#=0x%04x, "
4675 "assuming it's ok.\n",
4676 pdrcode);
4677 return 1;
4678 } else {
4679 /* bad code */
4680 WLAN_LOG_DEBUG(3,
4681 "Encountered unknown PDR#=0x%04x, "
4682 "(>=0x1000), assuming it's bad.\n",
4683 pdrcode);
4684 return 0;
4685 }
4686 break;
4687 }
4688 return 0; /* avoid compiler warnings */
4689 }
4690
4691